Copyright©2016byMcGraw-HillEducation.Allrightsreserved.ExceptaspermittedundertheUnitedStatesCopyrightActof1976,nopartofthispublicationmaybereproducedordistributedinanyformorbyanymeans,orstoredinadatabaseorretrievalsystem,withoutthepriorwrittenpermissionofthepublisher,withtheexceptionthattheprogramlistingsmaybeentered,stored,andexecutedinacomputersystem,buttheymaynotbereproducedforpublication.
ISBN:978-0-07-183597-8MHID:0-07-183597-0
ThematerialinthiseBookalsoappearsintheprintversionofthistitle:ISBN:978-0-07-183601-2,MHID:0-07-183601-2.
eBookconversionbycodeMantraVersion1.0
Alltrademarksaretrademarksoftheirrespectiveowners.Ratherthanputatrademarksymbolaftereveryoccurrenceofatrademarkedname,weusenamesinaneditorialfashiononly,andtothebenefitofthetrademarkowner,withnointentionofinfringementofthetrademark.Wheresuchdesignationsappearinthisbook,theyhavebeenprintedwithinitialcaps.
McGraw-HillEducationeBooksareavailableatspecialquantitydiscountstouseaspremiumsandsalespromotionsorforuseincorporatetrainingprograms.Tocontactarepresentative,pleasevisittheContactUspageatwww.mhprofessional.com.
SANSInstituteITCodeofEthicsreproducedwithpermission,©SANSInstitute.
InformationhasbeenobtainedbyMcGraw-HillEducationfromsourcesbelievedtobereliable.However,becauseofthepossibilityofhumanormechanicalerrorbyoursources,McGraw-HillEducation,orothers,
McGraw-HillEducationdoesnotguaranteetheaccuracy,adequacy,orcompletenessofanyinformationandisnotresponsibleforanyerrorsoromissionsortheresultsobtainedfromtheuseofsuchinformation.
McGraw-HillEducationisanindependententityfromCompTIA®.ThispublicationanddigitalcontentmaybeusedinassistingstudentstopreparefortheCompTIASecurity+exam.NeitherCompTIAnorMcGraw-HillEducationwarrantsthatuseofthispublicationanddigitalcontentwillensurepassinganyexam.CompTIAandCompTIASecurity+aretrademarksorregisteredtrademarksofCompTIAintheUnitedStatesand/orothercountries.Allothertrademarksaretrademarksoftheirrespectiveowners.
TERMSOFUSE
ThisisacopyrightedworkandMcGraw-HillEducationanditslicensorsreserveallrightsinandtothework.Useofthisworkissubjecttotheseterms.ExceptaspermittedundertheCopyrightActof1976andtherighttostoreandretrieveonecopyofthework,youmaynotdecompile,disassemble,reverseengineer,reproduce,modify,createderivativeworksbasedupon,transmit,distribute,disseminate,sell,publishorsublicensetheworkoranypartofitwithoutMcGraw-HillEducation’spriorconsent.Youmayusetheworkforyourownnoncommercialandpersonaluse;anyotheruseoftheworkisstrictlyprohibited.Yourrighttousetheworkmaybeterminatedifyoufailtocomplywiththeseterms.
THEWORKISPROVIDED“ASIS.”McGRAW-HILLEDUCATIONANDITSLICENSORSMAKENOGUARANTEESORWARRANTIESASTOTHEACCURACY,ADEQUACYORCOMPLETENESSOFORRESULTSTOBEOBTAINEDFROMUSINGTHEWORK,INCLUDINGANYINFORMATIONTHATCANBEACCESSEDTHROUGHTHEWORKVIAHYPERLINKOROTHERWISE,ANDEXPRESSLYDISCLAIMANYWARRANTY,EXPRESSORIMPLIED,INCLUDINGBUTNOTLIMITEDTOIMPLIEDWARRANTIESOF
MERCHANTABILITYORFITNESSFORAPARTICULARPURPOSE.McGraw-HillEducationanditslicensorsdonotwarrantorguaranteethatthefunctionscontainedintheworkwillmeetyourrequirementsorthatitsoperationwillbeuninterruptedorerrorfree.NeitherMcGraw-HillEducationnoritslicensorsshallbeliabletoyouoranyoneelseforanyinaccuracy,errororomission,regardlessofcause,intheworkorforanydamagesresultingtherefrom.McGraw-HillEducationhasnoresponsibilityforthecontentofanyinformationaccessedthroughthework.UndernocircumstancesshallMcGraw-HillEducationand/oritslicensorsbeliableforanyindirect,incidental,special,punitive,consequentialorsimilardamagesthatresultfromtheuseoforinabilitytousethework,evenifanyofthemhasbeenadvisedofthepossibilityofsuchdamages.Thislimitationofliabilityshallapplytoanyclaimorcausewhatsoeverwhethersuchclaimorcausearisesincontract,tortorotherwise.
AbouttheAuthorsDr.Wm.ArthurConklinisanassociateprofessorandDirectoroftheCenterforInformationSecurityResearchandEducationintheCollegeofTechnologyattheUniversityofHouston.Heholdstwoterminaldegrees,aPh.D.inBusinessAdministration(specializinginInformationSecurity)fromTheUniversityofTexasatSanAntonio(UTSA)andthedegreeElectricalEngineer(specializinginSpaceSystemsEngineering)fromtheNavalPostgraduateSchoolinMonterey,CA.HeholdsCompTIASecurity+,CISSP,CSSLP,CRISC,DFCP,GICSP,andCASPcertifications.AnISSAFellow,heisalsoaseniormemberofASQandamemberofIEEEandACM.Hisresearchinterestsincludetheuseofsystemstheorytoexploreinformationsecurity,specificallyincyber-physicalsystems.Hehascoauthoredsixsecuritybooksandnumerousacademicarticlesassociatedwithinformationsecurity.HeisactiveintheDHS-sponsoredIndustrialControlSystemsJointWorkingGroup(ICSJWG)effortsassociatedwithworkforcedevelopmentandcybersecurityaspectsofindustrialcontrolsystems.Hehasanextensivebackgroundinsecurecodingandisaformerco-chairoftheDHS/DoDSoftwareAssuranceForumworkinggroupforworkforceeducation,training,anddevelopment.
Dr.GregoryWhitehasbeeninvolvedincomputerandnetworksecuritysince1986.Hespent19yearsonactivedutywiththeU.S.AirForceandiscurrentlyintheAirForceReservesassignedtothePentagon.HeobtainedhisPh.D.inComputerSciencefromTexasA&MUniversityin1995.Hisdissertationtopicwasintheareaofcomputernetworkintrusiondetection,andhecontinuestoconductresearchinthisareatoday.HeiscurrentlytheDirectorfortheCenterforInfrastructureAssuranceandSecurityandisanassociateprofessorofcomputerscienceatTheUniversityofTexasatSanAntonio.Dr.Whitehaswrittenandpresentednumerousarticlesandconferencepapersonsecurity.Heisalsothecoauthorforfivetextbooksoncomputerandnetworksecurityandhaswrittenchaptersfortwoothersecuritybooks.Dr.Whitecontinuestobeactiveinsecurityresearch.His
currentresearchinitiativesincludeeffortsinhigh-speedintrusiondetection,communityinfrastructureprotection,andvisualizationofcommunityandorganizationsecuritypostures.
DwayneWilliamsisAssociateDirector,SpecialProjectsfortheCenterforInfrastructureAssuranceandSecurity(CIAS)attheUniversityofTexasatSanAntonioandhasmorethan22yearsofexperienceininformationsystemsandnetworksecurity.Mr.Williams’sexperienceincludessixyearsofcommissionedmilitaryserviceasaCommunications-ComputerInformationSystemsOfficerintheU.S.AirForce,specializinginnetworksecurity,corporateinformationprotection,intrusiondetectionsystems,incidentresponse,andVPNtechnology.PriortojoiningtheCIAS,heservedasDirectorofConsultingforSecureLogixCorporation,wherehedirectedandprovidedsecurityassessmentandintegrationservicestoFortune100,government,publicutility,oilandgas,financial,andtechnologyclients.Mr.Williamsgraduatedin1993fromBaylorUniversitywithaBachelorofArtsinComputerScience.Mr.WilliamsisaCertifiedInformationSystemsSecurityProfessional(CISSP),CompTIAAdvancedSecurityPractitioner(CASP),andcoauthorofMcGraw-Hill’sVoiceandDataSecurity,CompTIASecurity+All-in-OneExamGuide,andCASPCompTIAAdvancedSecurityPractitionerCertificationStudyGuide.
RogerL.Davis,CISSP,CISM,CISA,isanAccountManagerforMicrosoft.HehasservedaspresidentoftheUtahchapteroftheInformationSystemsSecurityAssociation(ISSA)andvariousboardpositionsfortheUtahchapteroftheInformationSystemsAuditandControlAssociation(ISACA).HeisaretiredAirForcelieutenantcolonelwith35yearsofmilitaryandinformationsystems/securityexperience.Mr.DavisservedonthefacultyofBrighamYoungUniversityandtheAirForceInstituteofTechnology.HecoauthoredMcGraw-Hill’sCompTIASecurity+All-in-OneExamGuideandVoiceandDataSecurity.HeholdsaMaster’sdegreeinComputerSciencefromGeorgeWashingtonUniversity,aBachelor’sdegreeinComputerSciencefromBrigham
YoungUniversity,andperformedpost-graduatestudiesinelectricalengineeringandcomputerscienceattheUniversityofColorado.
ChuckCothren,CISSP,isaPrincipalSolutionsSpecialistatSymantecCorporationapplyingawidearrayofnetworksecurityexperience,includingperformingcontrolledpenetrationtesting,incidentresponse,andsecuritymanagementtoassistawidevarietyofclientsintheprotectionoftheircriticaldata.HehasalsoanalyzedsecuritymethodologiesforVoiceoverInternetProtocol(VoIP)systemsandsupervisorycontrolanddataacquisition(SCADA)systems.HeiscoauthorofthebooksVoiceandDataSecurity,andCompTIASecurity+All-in-OneExamGuide.
AbouttheTechnicalEditorBobbyE.RogersisanInformationSecurityEngineerworkingasacontractorforDepartmentofDefenseagencies,helpingtosecure,certify,andaccredittheirinformationsystems.Hisdutiesincludeinformationsystemsecurityengineering,riskmanagement,andcertificationandaccreditationefforts.Heretiredafter21yearsintheUnitedStatesAirForce,servingasanetworksecurityengineerandinstructor,andhassecurednetworksallovertheworld.BobbyhasaMaster’sdegreeinInformationAssurance(IA),andispursuingadoctoraldegreeinCybersecurityfromCapitolTechnologyUniversity,Maryland.HismanycertificationsincludeCRISC,CISSP-ISSEP,C|EH,andMCSE:SecurityaswellastheCompTIAA+,Network+,Security+,andMobility+certifications.
AcknowledgmentsThisbookisdedicatedtothemanysecurityprofessionalswhodaily
worktoensurethesafetyofournation’scriticalinfrastructures.Wewanttorecognizethethousandsofdedicatedindividualswhostrivetoprotect
ournationalassetsbutwhoseldomreceivepraiseandoftenareonlynoticedwhenanincidentoccurs.Toyou,wesaythankyouforajobwell
done!
We,theauthorsofPrinciplesofComputerSecurity,FourthEdition,havemanyindividualswhoweneedtoacknowledge—individualswithoutwhomthiseffortwouldnothavebeensuccessful.ThiseditionwouldnothavebeenpossiblewithoutTimGreen,whosesupportandfaithintheauthorsmadethiseditionpossible.Hebroughttogetheranall-starproductionteamthatmadethisbookmorethanjustanewedition,butacompletelearningsystem.ThelistneedstostartwiththosefolksatMcGraw-HillEducationwho
workedtirelesslywiththeproject’smultipleauthorsandcontributorsandledussuccessfullythroughtheminefieldthatisabookscheduleandwhotookourroughchaptersanddrawingsandturnedthemintoafinal,professionalproductwecanbeproudof.WethankallthegoodpeoplefromtheAcquisitionsteam,TimGreenandAmyStonebraker;fromtheEditorialServicesteam,JodyMcKenzieandHowieSeverson;fromtheIllustrationandProductionteams,JamesKussowandAmarjeetKumarandthecompositionteamatCenveoPublisherServices.Wealsothankthetechnicaleditor,BobbyRogers;thecopyeditor,BillMcManus;theproofreader,PaulTyler;andtheindexer,JackLewis;foralltheirattentiontodetailthatmadethisafinerworkaftertheyfinishedwithit.Wealsoneedtoacknowledgeourcurrentemployerswho,toourgreat
delight,haveseenfittopayustoworkinacareerfieldthatweallfindexcitingandrewarding.Thereisneveradullmomentinsecurity,becauseitisconstantlychanging.WewouldliketothankArtConklinforherdingthecatsonthisone.
Finally,wewouldeachliketoindividuallythankthosepeoplewho—onapersonalbasis—haveprovidedthecoresupportforusindividually.Withoutthesespecialpeopleinourlives,noneofuscouldhaveputthisworktogether.
—TheAuthorTeam
ToSusan,yourloveandsupportiswhatenablesmetodoallthethingsIdo.
—ArtConklin,Ph.D.Iwouldliketothankmywife,Charlan,forthetremendoussupportshehasalwaysgivenme.Itdoesn’tmatterhowmanytimesIhaveswornthatI’llnevergetinvolvedwithanotherbookprojectonlytoreturnwithinmonthstoyetanotherone;throughitall,shehasremainedsupportive.IwouldalsoliketopubliclythanktheUnitedStatesAirForce,which
providedmenumerousopportunitiessince1986tolearnmoreaboutsecuritythanIeverknewexisted.Towhoeveritwaswhodecidedtosendmeasayoungcaptain—freshfromcompletingmymaster’sdegreeinartificialintelligence—tomyfirstassignmentincomputersecurity:thankyou,ithasbeenagreatadventure!
—GregoryB.White,Ph.D.Josie,thankyouforalltheloveandsupport.Macon,John,thisisforyou.
—ChuckCothrenGeena,thanksforbeingmybestfriendandmygreatestsupport.AnythingIamisbecauseofyou.Lovetomykidsandgrandkids!
—RogerL.DavisTomywifeandbestfriend,Leah,foryourlove,energy,andsupport—thankyouforalwaysbeingthere.Here’stomanymoreyearstogether.
—DwayneWilliams
ABOUTTHISBOOK
ImportantTechnologySkillsInformationtechnology(IT)offersmanycareerpaths,andinformationsecurityisoneofthefastest-growingtracksforITprofessionals.Thisbookprovidescoverageofthematerialsyouneedtobeginyourexplorationofinformationsecurity.InadditiontocoveringalloftheCompTIASecurity+examobjectives,additionalmaterialisincludedtohelpyoubuildasolidintroductoryknowledgeofinformationsecurity.
ProvenLearningMethodKeepsYouonTrackDesignedforclassroomuseandwrittenbyinstructorsforuseintheirownclasses,PrinciplesofComputerSecurityisstructuredtogiveyoucomprehensiveknowledgeofinformationsecurity.Thetextbook’sactivelearningmethodologyguidesyoubeyondmererecalland—throughthought-provokingactivities,labs,andsidebars—helpsyoudevelopcritical-thinking,diagnostic,andcommunicationskills.
EffectiveLearningToolsThisfeature-richtextbookisdesignedtomakelearningeasyandenjoyableandtohelpyoudeveloptheskillsandcritical-thinkingabilitiesthatwillenableyoutoadapttodifferentjobsituationsandtotroubleshootproblems.Writtenbyinstructorswithdecadesofcombinedinformationsecurityexperience,thisbookconveyseventhemostcomplexissuesinanaccessible,easy-tounderstandformat.
Eachchapterincludes
LearningObjectivesthatsetmeasurablegoalsforchapter-by-chapterprogress
Illustrationsthatgiveyouaclearpictureoftheconceptsandtechnologies
TryThis!,CrossCheck,andTechTipsidebarsthatencourageyoutopracticeandapplyconceptsinreal-worldsettings
Notes,Tips,andWarningsthatguideyou,andExamTipsthatgiveyouadviceorprovideinformationspecificallyrelatedtopreparingfortheexam
ChapterSummariesandKeyTermsListsthatprovideyouwithaneasywaytoreviewimportantconceptsandvocabulary
ChallengingEnd-of-ChapterTeststhatincludevocabulary-buildingexercises,multiple-choicequestions,essayquestions,andon-the-joblabprojects
CompTIAAPPROVEDQUALITYCONTENT
ItPaystoGetCertifiedInadigitalworld,digitalliteracyisanessentialsurvivalskill.Certificationdemonstratesthatyouhavetheknowledgeandskilltosolvetechnicalorbusinessproblemsinvirtuallyanybusinessenvironment.CompTIAcertificationsarehighlyvaluedcredentialsthatqualifyyouforjobs,increasedcompensation,andpromotion.
CompTIASecurity+CertificationHelpsYour
Career
Securityisoneofthehighestdemandjobcategories,growinginimportanceasthefrequencyandseverityofsecuritythreatscontinuestobeamajorconcernfororganizationsaroundtheworld.
Jobsforsecurityadministratorsareexpectedtoincreaseby18%—theskillsetrequiredforthesetypesofjobsmapstotheCompTIASecurity+certification.
NetworkSecurityAdministratorscanearnasmuchas$106,000peryear.
CompTIASecurity+isthefirststepinstartingyourcareerasaNetworkSecurityAdministratororSystemsSecurityAdministrator.
Morethan250,000individualsworldwideareCompTIASecurity+certified.
CompTIASecurity+isregularlyusedinorganizationssuchasHitachiSystems,FujiXerox,HP,Dell,andavarietyofmajorU.S.governmentcontractors.
ApprovedbytheU.S.DepartmentofDefense(DoD)asoneoftherequiredcertificationoptionsintheDoD8570.01-Mdirective,forInformationAssuranceTechnicalLevelIIandManagementLevelIjobroles.
StepstoGettingCertifiedandStayingCertified1.Reviewtheexamobjectives.Reviewthecertificationobjectivesto
makesureyouknowwhatiscoveredintheexam:http://certification.comptia.org/examobjectives.aspx
2.Practicefortheexam.Afteryouhavestudiedforthecertificationexam,reviewandanswersamplequestionstogetanideaofwhattypeofquestionsmightbeontheexam:http://certification.comptia.org/samplequestions.aspx
3.Purchaseanexamvoucher.YoucanpurchaseexamvouchersontheCompTIAMarketplace,www.comptiastore.com.
4.Takethetest!GotothePearsonVUEwebsite,www.pearsonvue.com/comptia/,andscheduleatimetotakeyourexam.
5.Staycertified!EffectiveJanuary1,2011,newCompTIASecurity+certificationsarevalidforthreeyearsfromthedateofcertification.Thereareanumberofwaysthecertificationcanberenewed.Formoreinformationgotohttp://certification.comptia.org/ce.
ForMoreInformationVisitCompTIAonlineGotohttp://certification.comptia.org/home.aspxtolearnmoreaboutgettingCompTIAcertified.
ContactCompTIAPleasecall866-835-8020andchooseOption2,ore-mail[emailprotected].
ConnectwithCompTIAFindCompTIAonFacebook,LinkedIn,Twitter,andYouTube.
mailto:[emailprotected]
ContentSealofQualityThiscoursewarebearsthesealofCompTIAApprovedQualityContent.Thissealsignifiesthiscontentcovers100percentoftheexamobjectivesandimplementsimportantinstructionaldesignprinciples.CompTIArecommendsmultiplelearningtoolstohelpincreasecoverageofthelearningobjectives.
CAQCDisclaimerThelogooftheCompTIAApprovedQualityContent(CAQC)programandthestatusofthisorothertrainingmaterialas“Approved”undertheCompTIAApprovedQualityContentprogramsignifiesthat,inCompTIA’sopinion,suchtrainingmaterialcoversthecontentofCompTIA’srelatedcertificationexam.ThecontentsofthistrainingmaterialwerecreatedfortheCompTIA
Security+examcoveringCompTIAcertificationobjectivesthatwerecurrentasofthedateofpublication.CompTIAhasnotreviewedorapprovedtheaccuracyofthecontentsof
thistrainingmaterialandspecificallydisclaimsanywarrantiesofmerchantabilityorfitnessforaparticularpurpose.CompTIAmakesnoguaranteeconcerningthesuccessofpersonsusinganysuch“Approved”orothertrainingmaterialinordertoprepareforanyCompTIAcertificationexam.
CONTENTSATAGLANCE
Chapter1 IntroductionandSecurityTrends
Chapter2 GeneralSecurityConcepts
Chapter3 OperationalandOrganizationalSecurity
Chapter4 TheRoleofPeopleinSecurity
Chapter5 Cryptography
Chapter6 PublicKeyInfrastructure
Chapter7 PKIStandardsandProtocols
Chapter8 PhysicalSecurity
Chapter9 NetworkFundamentals
Chapter10 InfrastructureSecurity
Chapter11 AuthenticationandRemoteAccess
Chapter12 WirelessSecurityandMobileDevices
Chapter13 IntrusionDetectionSystemsandNetworkSecurity
Chapter14 SystemHardeningandBaselines
Chapter15 TypesofAttacksandMaliciousSoftware
Chapter16 E-MailandInstantMessaging
Chapter17 WebComponents
Chapter18 SecureSoftwareDevelopment
Chapter19 BusinessContinuityandDisasterRecovery,andOrganizationalPolicies
Chapter20 RiskManagement
Chapter21 ChangeManagement
Chapter22 IncidentResponse
Chapter23 ComputerForensics
Chapter24 LegalIssuesandEthics
Chapter25 Privacy
AppendixA CompTIASecurity+ExamObjectives:SY0-401
AppendixB AbouttheDownload
Glossary
Index
CONTENTS
ForewordPrefaceIntroductionInstructorWebSite
Chapter1IntroductionandSecurityTrendsTheComputerSecurityProblem
DefinitionofComputerSecurityHistoricalSecurityIncidentsTheCurrentThreatEnvironmentThreatstoSecuritySecurityTrends
TargetsandAttacksSpecificTargetOpportunisticTargetMinimizingPossibleAvenuesofAttack
ApproachestoComputerSecurityEthicsAdditionalReferencesChapter1Review
Chapter2GeneralSecurityConceptsBasicSecurityTerminology
SecurityBasics
SecurityTenetsSecurityApproachesSecurityPrinciplesAccessControlAuthenticationMechanismsAuthenticationandAccessControlPolicies
SecurityModelsConfidentialityModelsIntegrityModels
Chapter2Review
Chapter3OperationalandOrganizationalSecurityPolicies,Procedures,Standards,andGuidelines
SecurityPoliciesChangeManagementPolicyDataPoliciesHumanResourcesPoliciesDueCareandDueDiligenceDueProcessIncidentResponsePoliciesandProcedures
SecurityAwarenessandTrainingSecurityPolicyTrainingandProceduresRole-BasedTrainingCompliancewithLaws,BestPractices,andStandardsUserHabitsNewThreatsandSecurityTrends/AlertsTrainingMetricsandCompliance
InteroperabilityAgreementsServiceLevelAgreementsBusinessPartnershipAgreement
MemorandumofUnderstandingInterconnectionSecurityAgreement
TheSecurityPerimeterPhysicalSecurity
PhysicalAccessControlsPhysicalBarriers
EnvironmentalIssuesFireSuppression
WirelessElectromagneticEavesdropping
ModernEavesdroppingChapter3Review
Chapter4TheRoleofPeopleinSecurityPeople—ASecurityProblem
SocialEngineeringPoorSecurityPractices
PeopleasaSecurityToolSecurityAwarenessSecurityPolicyTrainingandProcedures
Chapter4Review
Chapter5CryptographyCryptographyinPractice
FundamentalMethodsComparativeStrengthsandPerformanceofAlgorithms
HistoricalPerspectivesSubstitutionCiphersOne-TimePads
AlgorithmsKeyManagementRandomNumbers
HashingFunctionsSHARIPEMDMessageDigestHashingSummary
SymmetricEncryptionDES3DESAESCASTRCBlowfishTwofishIDEABlockvs.StreamSymmetricEncryptionSummary
AsymmetricEncryptionDiffie-HellmanRSAElGamalECCAsymmetricEncryptionSummarySymmetricvs.Asymmetric
QuantumCryptographySteganographyCryptographyAlgorithmUse
ConfidentialityIntegrity
AuthenticationNonrepudiationCipherSuitesKeyExchangeKeyEscrowSessionKeysEphemeralKeysKeyStretchingSecrecyPrinciplesTransportEncryptionDigitalSignaturesDigitalRightsManagementCryptographicApplicationsUseofProvenTechnologies
Chapter5Review
Chapter6PublicKeyInfrastructureTheBasicsofPublicKeyInfrastructuresCertificateAuthoritiesRegistrationAuthorities
LocalRegistrationAuthoritiesDigitalCertificates
CertificateExtensionsCertificateAttributes
CertificateLifecyclesRegistrationandGenerationCSRRenewalSuspensionRevocation
KeyDestructionCertificateRepositoriesTrustandCertificateVerificationCentralizedandDecentralizedInfrastructures
HardwareSecurityModulesPrivateKeyProtectionKeyRecoveryKeyEscrow
PublicCertificateAuthoritiesIn-HouseCertificateAuthorities
ChoosingBetweenaPublicCAandanIn-HouseCAOutsourcedCertificateAuthoritiesTyingDifferentPKIsTogetherTrustModels
Certificate-BasedThreatsStolenCertificates
Chapter6Review
Chapter7PKIStandardsandProtocolsPKIXandPKCS
PKIXStandardsPKCSWhyYouNeedtoKnowthePKIXandPKCSStandards
X.509SSL/TLSCipherSuitesISAKMPCMPXKMSS/MIME
IETFS/MIMEHistoryIETFS/MIMEv3Specifications
PGPHowPGPWorks
HTTPSIPsecCEPOtherStandards
FIPSCommonCriteriaWTLSISO/IEC27002(FormerlyISO17799)SAML
Chapter7Review
Chapter8PhysicalSecurityTheSecurityProblemPhysicalSecuritySafeguards
WallsandGuardsPhysicalAccessControlsandMonitoringConvergencePoliciesandProceduresEnvironmentalControls
FireSuppressionWater-BasedFireSuppressionSystemsHalon-BasedFireSuppressionSystemsClean-AgentFireSuppressionSystemsHandheldFireExtinguishersFireDetectionDevices
PowerProtection
UPSBackupPowerandCableShieldingElectromagneticInterference
ElectronicAccessControlSystemsAccessTokens
Chapter8Review
Chapter9NetworkFundamentalsNetworkArchitecturesNetworkTopologyNetworkProtocols
ProtocolsPackets
InternetProtocolIPPacketsTCPvs.UDPICMP
IPv4vs.IPv6PacketDelivery
EthernetLocalPacketDeliveryRemotePacketDeliveryIPAddressesandSubnettingNetworkAddressTranslation
SecurityZonesDMZInternetIntranetExtranetFlatNetworks
EnclavesVLANsZonesandConduits
TunnelingStorageAreaNetworks
iSCSIFibreChannelFCoE
Chapter9Review
Chapter10InfrastructureSecurityDevices
WorkstationsServersVirtualizationMobileDevicesDeviceSecurity,CommonConcernsNetworkAttachedStorageRemovableStorage
NetworkingNetworkInterfaceCardsHubsBridgesSwitchesRoutersFirewallsHowDoFirewallsWork?Next-GenerationFirewallsWebApplicationFirewallsvs.NetworkFirewallsConcentrators
WirelessDevicesModemsTelephonyVPNConcentrator
SecurityDevicesIntrusionDetectionSystemsNetworkAccessControlNetworkMonitoring/DiagnosticLoadBalancersProxiesWebSecurityGatewaysInternetContentFiltersDataLossPreventionUnifiedThreatManagement
MediaCoaxialCableUTP/STPFiberUnguidedMedia
RemovableMediaMagneticMediaOpticalMediaElectronicMedia
SecurityConcernsforTransmissionMediaPhysicalSecurityConcernsCloudComputing
PrivatePublicHybridCommunitySoftwareasaService
PlatformasaServiceInfrastructureasaService
Chapter10Review
Chapter11AuthenticationandRemoteAccessUser,Group,andRoleManagement
UserGroupRole
PasswordPoliciesDomainPasswordPolicy
SingleSign-OnTimeofDayRestrictionsTokensAccountandPasswordExpiration
SecurityControlsandPermissionsAccessControlListsMandatoryAccessControl(MAC)DiscretionaryAccessControl(DAC)Role-BasedAccessControl(RBAC)Rule-BasedAccessControlAttributeBasedAccessControl(ABAC)AccountExpiration
PreventingDataLossorTheftTheRemoteAccessProcess
IdentificationAuthenticationAuthorizationAccessControl
RemoteAccessMethods
IEEE802.1XRADIUSTACACS+AuthenticationProtocolsFTP/FTPS/SFTPVPNsIPsecVulnerabilitiesofRemoteAccessMethods
ConnectionSummaryChapter11Review
Chapter12WirelessSecurityandMobileDevicesIntroductiontoWirelessNetworkingMobilePhones
WirelessApplicationProtocol3GMobileNetworks4GMobileNetworks
BluetoothBluetoothAttacks
NearFieldCommunicationIEEE802.11Series
802.11:IndividualStandardsAttacking802.11CurrentSecurityMethods
WirelessSystemsConfigurationAntennaTypesAntennaPlacementPowerLevelControlsSiteSurveysCaptivePortals
SecuringPublicWi-FiMobileDevices
MobileDeviceSecurityBYODConcernsLocationServicesMobileApplicationSecurity
Chapter12Review
Chapter13IntrusionDetectionSystemsandNetworkSecurityHistoryofIntrusionDetectionSystemsIDSOverview
IDSModelsSignaturesFalsePositivesandFalseNegatives
Network-BasedIDSsAdvantagesofaNIDSDisadvantagesofaNIDSActivevs.PassiveNIDSsNIDSTools
Host-BasedIDSsAdvantagesofHIDSsDisadvantagesofHIDSsActivevs.PassiveHIDSsResurgenceandAdvancementofHIDSs
IntrusionPreventionSystemsHoneypotsandHoneynetsTools
ProtocolAnalyzerSwitchedPortAnalyzerPortScanner
Passivevs.ActiveToolsBannerGrabbing
Chapter13Review
Chapter14SystemHardeningandBaselinesOverviewofBaselinesOperatingSystemandNetworkOperatingSystemHardening
OSSecurityHostSecurity
MachineHardeningOperatingSystemSecurityandSettingsOSHardeningHardeningMicrosoftOperatingSystemsHardeningUNIX-orLinux-BasedOperatingSystemsUpdates(a.k.a.Hotfixes,ServicePacks,andPatches)AntimalwareWhiteListingvs.BlackListingApplicationsTrustedOSHost-basedFirewallsHardwareSecurityHostSoftwareBaselining
Host-BasedSecurityControlsHardware-BasedEncryptionDevicesDataEncryptionDataSecurityHandlingBigDataCloudStorageStorageAreaNetworkPermissions/ACL
NetworkHardening
SoftwareUpdatesDeviceConfigurationSecuringManagementInterfacesVLANManagementIPv4vs.IPv6
ApplicationHardeningApplicationConfigurationBaselineApplicationPatchesPatchManagementHostSoftwareBaselining
GroupPoliciesSecurityTemplatesAlternativeEnvironments
SCADAEmbeddedSystemsPhonesandMobileDevicesMainframeGameConsolesIn-VehicleComputingSystemsAlternativeEnvironmentMethodsNetworkSegmentationSecurityLayersApplicationFirewallsManualUpdatesFirmwareVersionControlWrappersControlRedundancyandDiversity
Chapter14Review
Chapter15TypesofAttacksandMaliciousSoftware
AvenuesofAttackMinimizingPossibleAvenuesofAttack
MaliciousCodeVirusesWormsPolymorphicMalwareTrojanHorsesRootkitsLogicBombsSpywareAdwareBotnetsBackdoorsandTrapdoorsRansomwareMalwareDefenses
AttackingComputerSystemsandNetworksDenial-of-ServiceAttacksSocialEngineeringNullSessionsSniffingSpoofingTCP/IPHijackingMan-in-the-MiddleAttacksReplayAttacksTransitiveAccessSpamSpimPhishingSpearPhishingVishingPharming
ScanningAttacksAttacksonEncryptionAddressSystemAttacksCachePoisoningPasswordGuessingPass-the-HashAttacksSoftwareExploitationClient-SideAttacks
AdvancedPersistentThreatRemoteAccessTrojans
ToolsMetasploitBackTrack/KaliSocial-EngineeringToolkitCobaltStrikeCoreImpactBurpSuite
AuditingPerformRoutineAudits
Chapter15Review
Chapter16E-MailandInstantMessagingHowE-MailWorks
E-MailStructureMIME
SecurityofE-MailMaliciousCodeHoaxE-MailsUnsolicitedCommercialE-Mail(Spam)SenderIDFramework
DomainKeysIdentifiedMailMailEncryption
S/MIMEPGP
InstantMessagingModernInstantMessagingSystems
Chapter16Review
Chapter17WebComponentsCurrentWebComponentsandConcernsWebProtocols
Encryption(SSLandTLS)TheWeb(HTTPandHTTPS)HTTPSEverywhereHTTPStrictTransportSecurityDirectoryServices(DAPandLDAP)FileTransfer(FTPandSFTP)Vulnerabilities
Code-BasedVulnerabilitiesBufferOverflowsJavaJavaScriptActiveXSecuringtheBrowserCGIServer-SideScriptsCookiesBrowserPlug-insMaliciousAdd-onsSignedApplets
Application-BasedWeaknessesSessionHijackingClient-SideAttacksWeb2.0andSecurity
Chapter17Review
Chapter18SecureSoftwareDevelopmentTheSoftwareEngineeringProcess
ProcessModelsSecureDevelopmentLifecycle
SecureCodingConceptsErrorandExceptionHandlingInputandOutputValidationFuzzingBugTracking
ApplicationAttacksCross-SiteScriptingInjectionsDirectoryTraversal/CommandInjectionBufferOverflowIntegerOverflowCross-SiteRequestForgeryZero-DayAttachmentsLocallySharedObjectsClient-SideAttacksArbitrary/RemoteCodeExecutionOpenVulnerabilityandAssessmentLanguage
ApplicationHardeningApplicationConfigurationBaseline
ApplicationPatchManagementNoSQLDatabasesvs.SQLDatabasesServer-Sidevs.Client-SideValidation
Chapter18Review
Chapter19BusinessContinuityandDisasterRecovery,andOrganizationalPolicies
BusinessContinuityBusinessContinuityPlansBusinessImpactAnalysisIdentificationofCriticalSystemsandComponentsRemovingSinglePointsofFailureRiskAssessmentSuccessionPlanningContinuityofOperations
DisasterRecoveryDisasterRecoveryPlans/ProcessCategoriesofBusinessFunctionsITContingencyPlanningTest,Exercise,andRehearseRecoveryTimeObjectiveandRecoveryPointObjectiveBackupsAlternativeSitesUtilitiesSecureRecoveryCloudComputingHighAvailabilityandFaultToleranceFailureandRecoveryTiming
Chapter19Review
Chapter20RiskManagementAnOverviewofRiskManagement
ExampleofRiskManagementattheInternationalBankingLevelRiskManagementVocabulary
WhatIsRiskManagement?RiskManagementCulture
BusinessRisksExamplesofBusinessRisksExamplesofTechnologyRisks
RiskMitigationStrategiesChangeManagementIncidentManagementUserRightsandPermissionsReviewsDataLossorTheft
RiskManagementModelsGeneralRiskManagementModelSoftwareEngineeringInstituteModelNISTRiskModelsModelApplication
QualitativelyAssessingRiskQuantitativelyAssessingRisk
AddingObjectivitytoaQualitativeAssessmentRiskCalculation
Qualitativevs.QuantitativeRiskAssessmentTools
Cost-EffectivenessModelingRiskManagementBestPractices
SystemVulnerabilitiesThreatVectorsProbability/ThreatLikelihood
Risk-Avoidance,Transference,Acceptance,Mitigation,DeterrenceRisksAssociatedwithCloudComputingandVirtualization
Chapter20Review
Chapter21ChangeManagementWhyChangeManagement?TheKeyConcept:SeparationofDutiesElementsofChangeManagementImplementingChangeManagement
Back-outPlanThePurposeofaChangeControlBoard
CodeIntegrityTheCapabilityMaturityModelIntegrationChapter21Review
Chapter22IncidentResponseFoundationsofIncidentResponse
IncidentManagementAnatomyofanAttackGoalsofIncidentResponse
IncidentResponseProcessPreparationSecurityMeasureImplementationIncidentIdentification/DetectionInitialResponseIncidentIsolationStrategyFormulationInvestigationRecovery/ReconstitutionProcedures
ReportingFollow-up/LessonsLearned
StandardsandBestPracticesStateofCompromiseNISTDepartmentofJusticeIndicatorsofCompromiseCyberKillChainMakingSecurityMeasurable
Chapter22Review
Chapter23ComputerForensicsEvidence
TypesofEvidenceStandardsforEvidenceThreeRulesRegardingEvidence
ForensicProcessAcquiringEvidenceIdentifyingEvidenceProtectingEvidenceTransportingEvidenceStoringEvidenceConductingtheInvestigation
AnalysisChainofCustodyMessageDigestandHashHostForensics
FileSystems WindowsMetadataLinuxMetadata
DeviceForensicsNetworkForensicsE-Discovery
ReferenceModelBigDataCloud
Chapter23Review
Chapter24LegalIssuesandEthicsCybercrime
CommonInternetCrimeSchemesSourcesofLawsComputerTrespassSignificantU.S.LawsPaymentCardIndustryDataSecurityStandard(PCIDSS)Import/ExportEncryptionRestrictionsNon-U.S.LawsDigitalSignatureLawsDigitalRightsManagement
EthicsChapter24Review
Chapter25PrivacyPersonallyIdentifiableInformation(PII)
SensitivePIINotice,Choice,andConsent
U.S.PrivacyLawsPrivacyActof1974FreedomofInformationAct(FOIA)
FamilyEducationRecordsandPrivacyAct(FERPA)U.S.ComputerFraudandAbuseAct(CFAA)U.S.Children’sOnlinePrivacyProtectionAct(COPPA)VideoPrivacyProtectionAct(VPPA)HealthInsurancePortability&AccountabilityAct(HIPAA)Gramm-Leach-BlileyAct(GLBA)CaliforniaSenateBill1386(SB1386)U.S.BankingRulesandRegulationsPaymentCardIndustryDataSecurityStandard(PCIDSS)FairCreditReportingAct(FCRA)FairandAccurateCreditTransactionsAct(FACTA)
Non-FederalPrivacyConcernsintheUnitedStatesInternationalPrivacyLaws
OECDFairInformationPracticesEuropeanLawsCanadianLawsAsianLaws
Privacy-EnhancingTechnologiesPrivacyPolicies
PrivacyImpactAssessmentWebPrivacyIssues
CookiesPrivacyinPractice
UserActionsDataBreaches
Chapter25Review
AppendixACompTIASecurity+ExamObjectives:SY0-401
AppendixB
AbouttheDownloadSystemRequirementsDownloadingTotalTesterPremiumPracticeExamSoftwareTotalTesterPremiumPracticeExamSoftware
InstallingandRunningTotalTesterTechnicalSupport
TotalSeminarsTechnicalSupportMcGraw-HillEducationContentSupport
Glossary
Index
FOREWORD
Selectingabookistrickyforme.Ifitisforpersonalreading,willIlikereadingit?Ifitisformyprofessionaldevelopment,willitmeettheneed?Ifitisformystudents,willitbeclearandconcise?ThisneweditionofPrinciplesofComputerSecuritypassesallthreetestswithflyingcolors.Ienjoyedreadingit.IfIneededtopasstheCompTIASecurity+orotherpractitionerexamination,itwouldprepareme.Andfinally,basedonpersonalexperience,studentswilllikethisbookandfindittobevaluablereadingandstudymaterial.Itevenhaspracticeexamsforcertificationformyconvenience.Formorethan40yearsIhaveworkedinsomevarietyofcomputer
security.Whenpeopleaskmewhatdefinesmyjob,Irespondwith“Idon’tknowuntilIreadthemorningnewspaperbecausethesecurityenvironmentchangesrapidly.”Ifyouwanttogetintothecomputersecurityindustry,readingandunderstandingthisbookisagreatintroduction.Nowinitsfourthedition,the25chaptersofPrinciplesofComputerSecurityfocusonabroadspectrumofimportanttopicstopreparethereadertobeacertifiedcomputersecuritypractitioner.Therealdealmakerformeisthefurtherendorsementofthecontents:thebookisbasedonCompTIAApprovedQualityContent(CAQC)andservesasbothanexampreparationguideandausefulreference.Dr.Conklinandhisteamofcoauthorseasethereaderintothemeatof
thetopicbyreviewingbothsecuritytrendsandconcepts.Theythenaddresssecurityfromtwodifferentperspectives.Firsttheyfocusontheorganization’sneedforsecurity,andthenfocusontheimportantroleofpeople.Thesetwoperspectivesareintertwined;itisessentialforasecuritypractitionertounderstandthesecurityenvironmentandhowthepeoplemakeitwork.Everypractitionerneedstounderstandtheunderlyingtechnologyand
toolsofcomputersecurity.Someindividualshaveanideaaboutsecuritytopicsbutdonothavetheessentialknowledgeneededtoaddressthemindepth.Theauthorshaveprovidedninemasterfulchaptersintroducingthesekeyconcepts.Forexample,inasinglechaptertheyprovidethebasisforthereadertodealwithsecurityofnetworks.Thischaptersupportseverythingthereaderneedstoknowtoaddressstandardsandprotocols,infrastructuresecurity,remoteaccessandauthentication,aswellaswireless.Theauthorsintegratetheseconceptstosupportpublickeyinfrastructure(PKI)andintrusiondetectionsystemsfornetworksecuritywithoutforgettingtheimportanceofphysicalsecurityinprotectingtheinformationsystemaswellasinfrastructure.Oneofthemostdebatedtopicsinsecurityistheimportanceof
cryptography.Somewouldassertthatalmostalldigitalsecuritycanbeaccomplishedwithcryptography,thatsecurityandcryptographyareinseparable,withcryptographybeingthecornerstoneofsecuringdatainbothtransmissionandstorage.However,ifcomputersecuritywereaseasyas“encrypteverything,”thiswouldbeaveryshortbook.Whilecryptographyisveryimportantandaverycomplexsecuritymeasure,itisnotapanacea—butitdoesprovideforlivelydiscussions.Theauthorsbringallthesecomponentstogetherwithacomprehensivechapteronintrusiondetectionandprevention.Oncethereaderhasmasteredthebasics,theauthorsaddresse-mail,
malicioussoftware,instantmessaging,andwebcomponentsinsuchawaythatthereadercanapplyhisorherknowledgeofnetworksandsecurityfundamentals.Thereaderwillthenbeprovidedwithanoverviewofsecuresoftwaredevelopment.In2015,boththeU.S.DepartmentofHomelandSecurityandCSOmagazineconcludedthatpoorlydevelopedsoftwareisoneofthebiggestcyberthreats—perhaps90percentofthethreatscomethroughpoorsoftwaredesign.Inthefinalanalysis,securityisreallyallaboutriskmanagement.What
isyourorganization’sappetiteforriskandhowisthatriskmanaged?Thechapterscoveringriskmanagementleadthereaderthroughtheselesstechnicalissuestogainanunderstandinghowtheseimpactthe
organization.Baselinesandchangemanagementareessentialtounderstandingwhatassetsarebeingsecuredandhowtheyarebeingchanged.Areaderwholearnstheseskillswellwillbeabletoworkinincidentresponse,disasterrecovery,andbusinesscontinuity.Understandingtheseprocessesandhowtheyworkwithtechnicalissuesexpandscareeropportunities.Theauthorsconcludetheirreviewoftheprinciplesofcomputersecurity
withanexaminationofprivacy,legalissues,andethics.Althoughthesetopicsappearattheendofthebook,theyarecrucialissuesinthemodernworld.Remember,asacomputersecuritypractitioner,youwillhavelegalaccesstomoredataandinformationthananyelseintheorganization.Althoughnotthelastchapterinthebook,Ihavedecidedtocommenton
forensicslast.Theauthorshavedoneawonderfuljobofaddressingthiscomplextopic.Butwhymentionitlast?Becausemanytimesforensicsiswhatonedoesaftercomputersecurityfails.Itmakesagoodepitaphforawonderfulbook.Tonightitis15degreesandsnowingoutsidewhileIsitinmystudy—
warm,dry,andcomfortable;myhomeismycastle.Notbadformid-winterinIdaho;however,IshouldnotforgetthatonereasonIamcomfortableisbecausecertifiedcomputersecuritypractitionersareprotectingmyinformationandprivacyaswellasthecriticalinfrastructurethatsupportsit.
ForInstructorsIhavetaughtfromprioreditionsofthisbookandhaveuseditscompanionlaboratorymanualforseveralyears.BothPrinciplesofComputerSecurity,FourthEditionandPrinciplesofComputerSecurityLabManual,FourthEditionhaveinstructormaterialsonacompanionWebsiteavailabletoadoptinginstructors.Instructormanuals,includingtheanswerstotheend-of-chapterquestions,PowerPointslides,andthetestbankofquestionsforuseasquizzesorexams,makepreparationasnap.
CoreyD.Schou,PhDSeriesEditor
UniversityProfessorofInformaticsProfessorofComputerScience
DirectoroftheNationalInformationAssuranceTrainingandEducationCenter
IdahoStateUniversity
PREFACE
InformationandcomputersecurityhasmovedfromtheconfinesofacademiatomainstreamAmericainthe21stcentury.Databreaches,informationdisclosures,andhigh-profilehacksinvolvingthetheftofinformationandintellectualpropertyseemtobearegularstapleofthenews.Ithasbecomeincreasinglyobvioustoeverybodythatsomethingneedstobedonetosecurenotonlyournation’scriticalinfrastructurebutalsothebusinesseswedealwithonadailybasis.Thequestionis,“Wheredowebegin?”Whatcantheaverageinformationtechnologyprofessionaldotosecurethesystemsthatheorsheishiredtomaintain?Oneimmediateansweriseducationandtraining.Ifwewanttosecureourcomputersystemsandnetworks,weneedtoknowhowtodothisandwhatsecurityentails.Ourwayoflife,fromcommercetomessagingtobusiness
communicationsandevensocialmedia,dependsontheproperfunctioningofourworldwideinfrastructure.Acommonthreadthroughoutallofthese,however,istechnology—especiallytechnologyrelatedtocomputersandcommunication.Thus,anindividual,organization,ornationwhowantedtocausedamagetothisnationcouldattackitnotjustwithtraditionalweaponsbutwithcomputersthroughtheInternet.Complacencyisnotanoptionintoday’shostilenetworkenvironment.Theprotectionofournetworksandsystemsisnotthesoledomainoftheinformationsecurityprofessional,butrathertheresponsibilityofallwhoareinvolvedinthedesign,development,deployment,andoperationofthesystemsthatarenearlyubiquitousinourdailylives.Withvirtuallyeverysystemwedependupondailyatrisk,theattacksurfaceandcorrespondingriskprofileisextremelylarge.Informationsecurityhasmaturedfromaseriesoftechnicalissuestoacomprehensiveriskmanagementproblem,andthisbookprovidesthefoundationalmaterialtoengageinthefieldina
professionalmanner.So,wheredoyou,theITprofessionalseekingmoreknowledgeon
security,startyourstudies?Thisbookoffersacomprehensivereviewoftheunderlyingfoundationsandtechnologiesassociatedwithsecuringoursystemsandnetworks.TheITworldisoverflowingwithcertificationsthatcanbeobtainedbythoseattemptingtolearnmoreabouttheirchosenprofession.Theinformationsecuritysectorisnodifferent,andtheCompTIASecurity+examoffersabasiclevelofcertificationforsecurity.InthepagesofthisbookyouwillfindnotonlymaterialthatcanhelpyoupreparefortakingtheCompTIASecurity+exambutalsothebasicinformationthatyouwillneedinordertounderstandtheissuesinvolvedinsecuringyourcomputersystemsandnetworkstoday.Innowayisthisbookthefinalsourceforlearningallaboutprotectingyourorganization’ssystems,butitservesasapointfromwhichtolaunchyoursecuritystudiesandcareer.Onethingiscertainlytrueaboutthisfieldofstudy—itnevergets
boring.Itconstantlychangesastechnologyitselfadvances.Somethingelseyouwillfindasyouprogressinyoursecuritystudiesisthatnomatterhowmuchtechnologyadvancesandnomatterhowmanynewsecuritydevicesaredeveloped,atitsmostbasiclevel,thehumanisstilltheweaklinkinthesecuritychain.Ifyouarelookingforanexcitingareatodelveinto,thenyouhavecertainlychosenwisely.Securityoffersachallengingblendoftechnologyandpeopleissues.Andsecuringthesystemsoftomorrowwillrequireeveryonetoworktogether,notjustsecurity,butdevelopers,operators,andusersalike.We,theauthorsofthisbook,wishyouluckasyouembarkonanexcitingandchallengingcareerpath.
Wm.ArthurConklin,Ph.D.GregoryB.White,Ph.D.
INTRODUCTION
Computersecurityisbecomingincreasinglyimportanttodayasthenumberofsecurityincidentssteadilyclimbs.Manycorporationsarenowspendingsignificantportionsoftheirbudgetsonsecurityhardware,software,services,andpersonnel.Theyarespendingthismoneynotbecauseitincreasessalesorenhancestheproducttheyprovide,butbecauseofthepossibleconsequencesshouldtheynottakeprotectiveactions.Securityhasbecomeacomprehensiveriskmanagementexerciseinfirmsthattaketherisksseriously.
WhyFocusonSecurity?Securityisnotsomethingthatwewanttohavetopayfor;itwouldbeniceifwedidn’thavetoworryaboutprotectingourdatafromdisclosure,modification,ordestructionfromunauthorizedindividuals,butthatisnottheenvironmentwefindourselvesintoday.Instead,wehaveseenthecostofrecoveringfromsecurityincidentssteadilyrisealongwiththeriseinthenumberofincidentsthemselves.Sincehackershavelearnedhowtomonetizehacks,theplayingfieldhasbecomesignificantlymoredangerous.Therearenowincentivesforaprofessionalclassofhackerwiththeintentofreapingbenefitsbothlongandshortterm.Withtheadventofadvancedpersistentthreats,theriseofnation-statehacking,andtheincreaseincriminalactivityfrombotnetstoransomware,theITplayingfieldisnowviewedasacontestedenvironment,onewherehackingcanresultingains.Lawenforcementistoooverwhelmedandunder-resourcedtomakeadentintheproblem,andtheresultisaneedfortrainedsecuritypractitionersinallbusinesssegments—andafurtherneedforsecurity-awareITpersonnelinregularITpositions.Securityhasbecomeamainstreamtopic.
AGrowingNeedforSecuritySpecialistsToprotectourcomputersystemsandnetworks,wewillneedasignificantnumberofnewsecurityprofessionalstrainedinthemanyaspectsofcomputerandnetworksecurity.Thisisnotaneasytask,asthesystemsconnectedtotheInternetbecomeincreasinglycomplex,withsoftwarewhoselinesofcodenumberinthemillions.Understandingwhythisissuchadifficultproblemtosolveisnothardifyouconsiderhowmanyerrorsmightbepresentinapieceofsoftwarethatisseveralmillionlineslong.Whenyouaddtheadditionalfactorofhowfastsoftwareisbeingdeveloped—fromnecessityasthemarketisconstantlymoving—understandinghowerrorsoccuriseasy.Notevery“bug”inthesoftwarewillresultinasecurityhole,butit
doesn’ttakemanytoaffecttheInternetcommunitydrastically.Wecan’tjustblamethevendorsforthissituation,becausetheyarereactingtothedemandsofgovernmentandindustry.Mostvendorsarefairlyadeptatdevelopingpatchesforflawsfoundintheirsoftware,andpatchesareconstantlyissuedtoprotectsystemsfrombugsthatmayintroducesecurityproblems.Thisintroducesawholenewproblemformanagersandadministrators—patchmanagement.Howimportantthishasbecomeiseasilyillustratedbyhowmanyofthemostrecentsecurityeventshaveoccurredasaresultofasecuritybugforwhichapatchwasavailablemonthspriortothesecurityincident;membersofthecommunityhadnotcorrectlyinstalledthepatch,however,thusmakingtheincidentpossible.Oneofthereasonsthishappensisthatmanyoftheindividualsresponsibleforinstallingthepatchesarenottrainedtounderstandthesecurityimplicationssurroundingtheholeortheramificationsofnotinstallingthepatch.Manyoftheseindividualssimplylackthenecessarytraining.Becauseoftheneedforanincreasingnumberofsecurityprofessionals
whoaretrainedtosomeminimumlevelofunderstanding,certificationssuchastheCompTIASecurity+havebeendeveloped.Prospectiveemployerswanttoknowthattheindividualtheyareconsideringhiringknowswhattodointermsofsecurity.Theprospectiveemployee,inturn,wantstohaveawaytodemonstratehisorherlevelofunderstanding,
whichcanenhancethecandidate’schancesofbeinghired.Thecommunityasawholesimplywantsmoretrainedsecurityprofessionals.
PreparingYourselffortheCompTIASecurity+ExamPrinciplesofComputerSecurity,FourthEditionisdesignedtohelpprepareyoutotaketheCompTIASecurity+certificationexam.Whenyoupassit,youwilldemonstrateyouhavethatbasicunderstandingofsecuritythatemployersarelookingfor.Passingthiscertificationexamwillnotbeaneasytask,foryouwillneedtolearnmanythingstoacquirethatbasicunderstandingofcomputerandnetworksecurity.
HowThisBookIsOrganizedThebookisdividedintochapterstocorrespondwiththeobjectivesoftheexamitself.Someofthechaptersaremoretechnicalthanothers—reflectingthenatureofthesecurityenvironmentwhereyouwillbeforcedtodealwithnotonlytechnicaldetailsbutalsootherissuessuchassecuritypoliciesandproceduresaswellastrainingandeducation.Althoughmanyindividualsinvolvedincomputerandnetworksecurityhaveadvanceddegreesinmath,computerscience,informationsystems,orcomputerorelectricalengineering,youdonotneedthistechnicalbackgroundtoaddresssecurityeffectivelyinyourorganization.Youdonotneedtodevelopyourowncryptographicalgorithm,forexample;yousimplyneedtobeabletounderstandhowcryptographyisused,alongwithitsstrengthsandweaknesses.Asyouprogressinyourstudies,youwilllearnthatmanysecurityproblemsarecausedbythehumanelement.Thebesttechnologyintheworldstillendsupbeingplacedinanenvironmentwherehumanshavetheopportunitytofoulthingsup—andalltoooftendo.
OnwardandUpward
Atthispoint,wehopethatyouarenowexcitedaboutthetopicofsecurity,evenifyouweren’tinthefirstplace.Wewishyouluckinyourendeavorsandwelcomeyoutotheexcitingfieldofcomputerandnetworksecurity.
INSTRUCTORWEBSITE
Forinstructorresources,visitwww.mhprofessional.com/PrinciplesSecurity4e.Adoptingteacherscanaccessthesupportmaterialsidentifiedbelow.ContactyourMcGraw-HillEducationsalesrepresentativefordetailsonhowtoaccessthematerials.
InstructorMaterialsThePrinciplesofComputerSecuritycompanionWebsite(www.mhprofessional.com/PrinciplesSecurity4e)providesmanyresourcesforinstructors:
Answerkeystotheend-of-chapteractivitiesinthetextbook
Answerkeystothelabmanualactivities(labmanualavailableseparately)
EngagingPowerPointslidesonthelecturetopics(includingfull-colorartworkfromthebook)
AnInstructorManual
Accesstotestbankfilesandsoftwarethatallowsyoutogenerateawidearrayofpaper-ornetwork-basedtests,andthatfeaturesautomaticgrading
Hundredsofpracticequestionsandawidevarietyofquestiontypesanddifficultylevels,enablingyoutocustomizeeachtesttomaximizestudentprogress
Blackboardcartridgesandotherformatsmayalsobeavailableuponrequest;contactyoursalesrepresentative
chapter1 IntroductionandSecurityTrends
Securityismostlyasuperstition.Itdoesnotexistinnature,nordothechildrenofmenasawholeexperienceit.Avoidingdangerisnosaferinthelongrunthanoutrightexposure.Lifeis
W
eitheradaringadventureornothing.
—HELENKELLER
Inthischapter,youwilllearnhowto
Definecomputersecurity
Discusscommonthreatsandrecentcomputercrimesthathavebeencommitted
Listanddiscussrecenttrendsincomputersecurity
Describecommonavenuesofattacks
Describeapproachestocomputersecurity
Discusstherelevantethicalissuesassociatedwithcomputersecurity
hyshouldwebeconcernedaboutcomputerandnetworksecurity?Allyouhavetodoisturnonthetelevisionorreadthenewspapertofindoutaboutavarietyofsecurityproblemsthataffectournation
andtheworldtoday.Thedangertocomputersandnetworksmayseemtopaleincomparisontothethreatofterroriststrikes,butinfacttheaveragecitizenismuchmorelikelytobethetargetofanattackontheirownpersonalcomputer,oracomputertheyuseattheirplaceofwork,thantheyaretobethedirectvictimofaterroristattack.Thischapterwillintroduceyoutoanumberofissuesinvolvedinsecuringyourcomputersandnetworksfromavarietyofthreatsthatmayutilizeanyofanumberofdifferentattacks.
TheComputerSecurityProblemFiftyyearsagocompaniesdidnotconductbusinessacrosstheInternet.Onlinebankingandshoppingwereonlydreamsinsciencefictionstories.Today,however,millionsofpeopleperformonlinetransactionseveryday.CompaniesrelyontheInternettooperateandconductbusiness.Vastamountsofmoneyaretransferredvianetworks,intheformofeitherbanktransactionsorsimplecreditcardpurchases.Wherevertherearevast
amountsofmoney,therearethosewhowilltrytotakeadvantageoftheenvironmenttoconductfraudortheft.Therearemanydifferentwaystoattackcomputersandnetworkstotakeadvantageofwhathasmadeshopping,banking,investment,andleisurepursuitsasimplematterof“draggingandclicking”(ortapping)formanypeople.Identitytheftissocommontodaythatmosteveryoneknowssomebodywho’sbeenavictimofsuchacrime,iftheyhaven’tbeenavictimthemselves.ThisisjustonetypeofcriminalactivitythatcanbeconductedusingtheInternet.Therearemanyothersandallareontherise.
DefinitionofComputerSecurityComputersecurityisnotasimpleconcepttodefine,andhasnumerouscomplexitiesassociatedwithit.Ifoneisreferringtoacomputer,thenitcanbeconsideredsecurewhenthecomputerdoeswhatitissupposedtodoandonlywhatitissupposedtodo.Butaswasnotedearlier,thesecurityemphasishasshiftedfromthecomputertotheinformationbeingprocessed.Informationsecurityisdefinedbytheinformationbeingprotectedfromunauthorizedaccessoralterationandyetisavailabletoauthorizedindividualswhenrequired.Whenonebeginsconsideringtheaspectsofinformation,itisimportanttorealizethatinformationisstored,processed,andtransferredbetweenmachines,andallofthesedifferentstatesrequireappropriateprotectionschemes.Informationassuranceisatermusedtodescribenotjusttheprotectionofinformation,butameansofknowingthelevelofprotectionthathasbeenaccomplished.
TechTip
HistoricalComputerSecurityComputersecurityisanever-changingissue.Fiftyyearsago,computersecuritywasmainlyconcernedwiththephysicaldevicesthatmadeupthecomputer.Atthetime,computerswerethehigh-valueitemsthatorganizationscouldnotaffordtolose.Today,computerequipmentisinexpensivecomparedtothevalueofthedataprocessedbythecomputer.Nowthehigh-value
itemisnotthemachine,buttheinformationthatitstoresandprocesses.Thishasfundamentallychangedthefocusofcomputersecurityfromwhatitwasintheearlyyears.Todaythedatastoredandprocessedbycomputersisalmostalwaysmorevaluablethanthehardware.
Computersecurityandinformationsecuritybothrefertoastatewherethehardwareandsoftwareperformonlydesiredactionsandtheinformationisprotectedfromunauthorizedaccessoralterationandisavailabletoauthorizeduserswhenrequired.
HistoricalSecurityIncidentsByexaminingsomeofthecomputer-relatedcrimesthathavebeencommittedoverthelast30orsoyears,wecanbetterunderstandthethreatsandsecurityissuesthatsurroundourcomputersystemsandnetworks.Electroniccrimecantakeanumberofdifferentforms,buttheoneswewillexamineherefallintotwobasiccategories:crimesinwhichthecomputerwasthetarget,andincidentsinwhichacomputerwasusedtoperpetratetheact(forexample,therearemanydifferentwaystoconductbankfraud,oneofwhichusescomputerstoaccesstherecordsthatbanksprocessandmaintain).Wewillstartourtourofcomputercrimeswiththe1988Internetworm
(Morrisworm),oneofthefirstrealInternetcrimecases.Priorto1988,criminalactivitywaschieflycenteredonunauthorizedaccesstocomputersystemsandnetworksownedbythetelephonecompanyandcompaniesthatprovideddial-upaccessforauthorizedusers.Virusactivityalsoexistedpriorto1988,havingstartedintheearly1980s.
TheMorrisWorm(November1988)RobertMorris,thenagraduatestudentatCornellUniversity,releasedwhathasbecomeknownastheInternetworm(ortheMorrisworm).Theworminfectedroughly10percentofthemachinesthenconnectedtotheInternet
(whichamountedtoapproximately6000infectedmachines).Thewormcarriednomaliciouspayload,theprogrambeingobviouslya“workinprogress,”butitdidwreakhavocbecauseitcontinuallyre-infectedcomputersystemsuntiltheycouldnolongerrunanyprograms.
CitibankandVladimirLevin(June–October1994)StartingaboutJuneof1994andcontinuinguntilatleastOctoberofthesameyear,anumberofbanktransfersweremadebyVladimirLevinofSt.Petersburg,Russia.Bythetimeheandhisaccompliceswerecaught,theyhadtransferredanestimated$10million.Eventuallyallbutabout$400,000wasrecovered.Levinreportedlyaccomplishedthebreak-insbydialingintoCitibank’scashmanagementsystem.Thissystemallowedclientstoinitiatetheirownfundtransferstootherbanks.
KevinMitnick(February1995)KevinMitnick’scomputeractivitiesoccurredoveranumberofyearsduringthe1980sand1990s.Arrestedin1995,heeventuallypledguiltytofourcountsofwirefraud,twocountsofcomputerfraud,andonecountofillegallyinterceptingawirecommunicationandwassentencedto46monthsinjail.Inthepleaagreement,MitnickadmittedtohavinggainedunauthorizedaccesstoanumberofdifferentcomputersystemsbelongingtocompaniessuchasMotorola,Novell,Fujitsu,andSunMicrosystems.Hedescribedusinganumberofdifferent“tools”andtechniques,includingsocialengineering,sniffers,andclonedcellulartelephones.
TechTip
IntellectualCuriosityIntheearlydaysofcomputercrime,muchofthecriminalactivitycenteredongainingunauthorizedaccesstocomputersystems.Inmanyearlycases,theperpetratorofthecrimedidnotintendtocauseanydamagetothecomputerbutwasinsteadonaquestof“intellectualcuriosity”—tryingtolearnmoreaboutcomputersandnetworks.Todaytheubiquitousnatureofcomputersandnetworkshaseliminatedtheperceivedneedfor
individualstobreakintocomputerstolearnmoreaboutthem.Whiletherearestillthosewhodabbleinhackingfortheintellectualchallenge,itismorecommontodayfortheintellectualcuriositytobereplacedbymaliciousintent.Whateverthereason,todayitisconsideredunacceptable(andillegal)togainunauthorizedaccesstocomputersystemsandnetworks.
OmegaEngineeringandTimothyLloyd(July1996)OnJuly30,1996,asoftware“timebomb”wentoffatOmegaEngineering,aNewJersey–basedmanufacturerofhigh-techmeasurementandcontrolinstruments.Twentydaysearlier,TimothyLloyd,acomputernetworkprogramdesigner,hadbeendismissedfromthecompanyafteraperiodofgrowingtensionbetweenLloydandmanagementatOmega.TheprogramthatranonJuly30deletedallofthedesignandproductionprogramsforthecompany,severelydamagingthesmallfirmandforcingthelayoffof80employees.TheprogramwaseventuallytracedbacktoLloyd,whohadleftitinretaliationforhisdismissal.
WorcesterAirportand“Jester”(March1997)InMarchof1997,telephoneservicestotheFAAcontroltoweraswellastheemergencyservicesattheWorcesterAirportandthecommunityofRutland,Massachusetts,werecutoffforaperiodofsixhours.Thisdisruptionoccurredasaresultofanattackonthephonenetworkbyateenagecomputer“hacker”whowentbythename“Jester.”
TheMelissaVirus(March1999)Melissaisthebestknownoftheearlymacro-typevirusesthatattachthemselvestodocumentsforprogramsthathavelimitedmacroprogrammingcapability.Thevirus,writtenandreleasedbyDavidSmith,infectedaboutamillioncomputersandcausedanestimated$80millionindamages.
TechTip
SpeedofVirusProliferationThespeedatwhichtheSlammerwormspreadservedasawakeupcalltosecurityprofessionals.ItdrovehomethepointthattheInternetcouldbeadverselyimpactedinamatterofminutes.Thisinturncausedanumberofprofessionalstorethinkhowpreparedtheyneededtobeinordertorespondtovirusoutbreaksinthefuture.Agoodfirststepistoapplypatchestosystemsandsoftwareassoonaspossible.Thiswillofteneliminatethevulnerabilitiesthatthewormsandvirusesaredesignedtotarget.
TheLoveLetterVirus(May2000)Alsoknownasthe“ILOVEYOU”wormandthe“LoveBug,”theLoveLetterviruswaswrittenandreleasedbyaPhilippinestudentnamedOneldeGuzman.Theviruswasspreadviae-mailwiththesubjectlineof“ILOVEYOU.”Estimatesofthenumberofinfectedmachinesworldwidehavebeenashighas45million,accompaniedbyapossible$10billionindamages(itshouldbenotedthatfiguresliketheseareextremelyhardtoverifyorcalculate).
TheCodeRedWorm(2001)OnJuly19,2001,inaperiodof14hours,over350,000computersconnectedtotheInternetwereinfectedbytheCodeRedworm.Thecostestimateforhowmuchdamagethewormcaused(includingvariationsofthewormreleasedonlaterdates)exceeded$2.5billion.Thevulnerabilitywasabuffer-overflowconditioninMicrosoft’sIISwebservers,hadbeenknownforamonth.
TheSlammerWorm(2003)OnSaturday,January25,2003,theSlammerwormwasreleased.Itexploitedabuffer-overflowvulnerabilityincomputersrunningMicrosoftSQLServerorSQLServerDesktopEngine.LikethevulnerabilityinCodeRed,thisweaknesswasnotnewand,infact,hadbeendiscoveredandapatchreleasedinJulyof2002.Withinthefirst24hoursofSlammer’srelease,thewormhadinfectedatleast120,000hostsandcausednetwork
outagesandthedisruptionofairlineflights,elections,andATMs.Atitspeak,Slammer-infectedhostsweregeneratingareported1TBofworm-relatedtrafficeverysecond.Thewormdoubleditsnumberofinfectedhostsevery8seconds.Itisestimatedthatittooklessthan10minutestoreachglobalproportionsandinfect90percentofthepossiblehostsitcouldinfect.
WebsiteDefacements(2006)InMayof2006,aTurkishhackerusingthehandleiSKORPiTXsuccessfullyhackedover21,000websitesinasingleeffort.Therationaleforhisactionswasneverdetermined,andoverthenextfewyearshehackedhundredsofthousandsofwebsites,defacingtheircoverpagewithastatementofhishack.Anuisancetosome,thoseaffectedhadtocleanuptheirsystems,includingrepairingvulnerabilities,orhewouldstrikeagain.
Cyberwar?(2007)InMayof2007,thecountryofEstoniawascrippledbyamassivedenial-of-service(DoS)cyberattackagainstallofitsinfrastructure,firms(banks),andgovernmentoffices.ThisattackwastracedtoIPaddressesinRussia,butwasneverclearlyattributedtoagovernment-sanctionedeffort.
OperationBotRoast(2007)In2007,theFBIannouncedthatithadconductedOperationBotRoast,identifyingover1millionbotnetcrimevictims.Intheprocessofdismantlingthebotnets,theFBIarrestedseveralbotnetoperatorsacrosstheUnitedStates.Althoughseeminglyabigsuccess,thiseffortmadeonlyasmalldentinthevastvolumeofbotnetsinoperation.
Conficker(2008–2009)Inlate2008andearly2009,securityexpertsbecamealarmedwhenitwasdiscoveredthatmillionsofsystemsattachedtotheInternetwereinfectedwiththeDownadupworm.AlsoknownasConficker,thewormwas
believedtohaveoriginatedinUkraine.Infectedsystemswerenotinitiallydamagedbeyondhavingtheirantivirussolutionupdatesblocked.Whatalarmedexpertswasthefactthatinfectedsystemscouldbeusedinasecondaryattackonothersystemsornetworks.Eachoftheseinfectedsystemswaspartofwhatisknownasabotnetwork(orbotnet)andcouldbeusedtocauseaDoSattackonatargetorbeusedfortheforwardingofspame-mailtomillionsofusers.
U.S.ElectricPowerGrid(2009)InApril2009,HomelandSecuritySecretaryJanetNapolitanotoldreportersthattheUnitedStateswasawareofattemptsbybothRussiaandChinatobreakintotheU.S.electricpowergrid,mapitout,andplantdestructiveprogramsthatcouldbeactivatedatalaterdate.Sheindicatedthattheseattackswerenotnewandhadinfactbeengoingonforyears.OnearticleintheKansasCityStar,forexample,reportedthatin1997thelocalpowercompany,KansasCityPowerandLight,encounteredperhaps10,000attacksfortheentireyear.By2009thecompanyexperienced30–60millionattacks.
TryThis!SoftwarePatchesOneofthemosteffectivemeasuressecurityprofessionalscantaketoaddressattacksontheircomputersystemsandnetworksistoensurethatallsoftwareisuptodateintermsofvendor-releasedpatches.Manyoftheoutbreaksofvirusesandwormswouldhavebeenmuchlesssevereifeverybodyhadappliedsecurityupdatesandpatcheswhentheywerereleased.Fortheoperatingsystemthatyouuse,gotoyourfavoritewebbrowsertofindwhatpatchesexistfortheoperatingsystemandwhatvulnerabilitiesorissuesthepatcheswerecreatedtoaddress.
FiberCableCut(2009)OnApril9,2009,awidespreadphoneandInternetoutagehittheSanJoseareainCalifornia.Thisoutagewasnottheresultofagroupofdeterminedhackersgainingunauthorizedaccesstothecomputersthatoperatethese
networks,butinsteadoccurredasaresultofseveralintentionalcutsinthephysicalcablesthatcarrythesignals.Thecutsresultedinalossofalltelephone,cellphone,andInternetserviceforthousandsofusersintheSanJosearea.Emergencyservicessuchas911werealsoaffected,whichcouldhavehadsevereconsequences.
TheCurrentThreatEnvironmentThethreatsofthepastweresmaller,targeted,andinmanycasesonlyanuisance.Astimehasgoneon,moreorganizedelementsofcybercrimehaveenteredthepicturealongwithnation-states.From2009andbeyond,thecyberthreatlandscapebecameconsiderablymoredangerous,withnewadversariesouttoperformoneoftwofunctions:denyyoutheuseofyourcomputersystems,oruseyoursystemsforfinancialgainincludingtheftofintellectualpropertyorfinancialinformationincludingpersonallyidentifiableinformation.
AdvancedPersistentThreatsAlthoughtherearenumerousclaimsastowhenadvancedpersistentthreats(APTs)beganandwhofirstcoinedtheterm,theimportantissueistonotethatAPTsrepresentanewbreedofattackpattern.Althoughspecificdefinitionsvary,thethreewordsthatcomprisethetermprovidethekeyelements:advanced,persistent,andthreat.Advancedreferstotheuseofadvancedtechniques,suchasspearphishing,asavectorintoatarget.Persistentreferstotheattacker’sgoalofestablishingalong-term,hiddenpositiononasystem.ManyAPTscangoonforyearswithoutbeingnoticed.Threatreferstotheotherobjective:exploitation.IfanadversaryinveststheresourcestoachieveanAPTattack,theyaredoingitforsomeformoflong-termadvantage.APTsarenotaspecifictypeofattack,butratherthenewmeansbywhichhighlyresourcedadversariestargetsystems.
GhostNet(2009)
In2009,theDalaiLama’sofficecontactedsecurityexpertstodetermineifitwasbeingbugged.Theinvestigationrevealeditwas,andthespyringthatwasdiscoveredwaseventuallyshowntobespyingonover100countries’sensitivemissionsworldwide.ResearchersgavethisAPT-stylespynetworkthenameGhostNet,andalthoughtheeffortwastracedbacktoChina,fullattributionwasneverdetermined.
OperationAurora(2009)OperationAurorawasanAPTattackfirstreportedbyGoogle,butalsotargetingAdobe,Yahoo,JuniperNetworks,Rackspace,Symantec,andseveralmajorU.S.financialandindustrialfirms.ResearchanalysispointedtothePeople’sLiberationArmy(PLA)ofChinaasthesponsor.Theattackranformostof2009andoperatedonalargescale,withthegroupsbehindtheattackconsistingofhundredsofhackersworkingtogetheragainstthevictimfirms.
Stuxnet,Duqu,andFlame(2009–2012)Stuxnet,Duqu,andFlamerepresentexamplesofstate-sponsoredmalware.StuxnetwasamaliciouswormdesignedtoinfiltratetheIranianuraniumenrichmentprogram,tomodifytheequipmentandcausethesystemstofailinordertoachievedesiredresultsandinsomecasesevendestroytheequipment.StuxnetwasdesignedtoattackaspecificmodelofSiemensprogrammablelogiccontroller(PLC),whichwasoneofthecluespointingtoitsobjective,themodificationoftheuraniumcentrifuges.AlthoughneithertheUnitedStatesnorIsraelhasadmittedtoparticipatingintheattack,bothhavebeensuggestedtohavehadaroleinit.Duqu(2011)isapieceofmalwarethatappearstobeafollow-onof
Stuxnet,andhasmanyofthesametargets,butratherthanbeingdestructiveinnature,Duquisdesignedtostealinformation.Themalwareusescommandandcontrolserversacrosstheglobetocollectelementssuchaskeystrokesandsysteminformationfrommachinesanddeliverthemtounknownparties.
Flame(2012)isanotherpieceofmodularmalwarethatmaybeaderivativeofStuxnet.Flameisaninformationcollectionthreat,collectingkeystrokes,screenshots,andnetworktraffic.ItcanrecordSkypecallsandaudiosignalsonamachine.Flameisalargepieceofmalwarewithmanyspecificmodules,includingakillswitchandameansofevadingantivirusdetection.BecauseoftheopennatureofStuxnet—itssourcecodeiswidely
availableontheInternet—itisimpossibletoknowwhoisbehindDuquandFlame.Infact,althoughDuquandFlamewerediscoveredafterStuxnet,thereisgrowingevidencethattheywerepresentbeforeStuxnetandcollectedcriticalintelligenceneededtoconductthelaterattack.Therealstorybehindthesemalwareitemsisthattheydemonstratethepowerandcapabilityofnation-statemalware.
Sony(2011)ThehackergroupLulzSecreportedlyhackedSony,stealingover70millionuseraccounts.Theresultingoutagelasted23days,andcostSonyinexcessof$170million.OneofthebiggestissuesrelatedtotheattackwasSony’spoorresponse,takingmorethanaweektonotifypeopleoftheinitialattack,andthencommunicatingpoorlywithitsuserbaseduringtherecoveryperiod.AlsonotablewasthatalthoughthecreditcarddatawasencryptedonSony’sservers,therestofthedatastolenwasnot,makingiteasypickingsforthedisclosureofinformation.
SaudiAramco(Shamoon)(2012)InAugustof2012,30,000computerswereshutdowninresponsetoamalwareattack(namedShamoon)atSaudiAramco,anoilfirminSaudiArabia.Theattackhitthreeoutoffourmachinesinthefirm,andthedamageincludeddatawipingofmachinesandtheuploadingofsensitiveinformationtoPastebin.Ittook10daysforthefirmtocleanuptheinfectionandrestartitsbusinessnetwork.
DataBreaches(2013–present)Fromtheendof2013throughtothetimeofthiswriting,databreacheshavedominatedthesecuritylandscape.TargetCorporationannounceditsbreachinmid-December,2013,statingthatthehackbeganasearlyas“BlackFriday”(November29)andcontinuedthroughDecember15.Datathievescapturednames,addresses,anddebitandcreditcarddetails,includingnumbers,expirationdates,andCVVcodes.Intheendatotalof70millionaccountswereexposed.FollowingtheTargetbreach,HomeDepotsufferedabreachofover50milliondebitandcreditcardnumbersin2014.JPMorganChasealsohadamajordatabreachin2014,announcingthe
lossof77millionaccountholders’information.UnlikeTargetandHomeDepot,JPMorganChasedidnotloseaccountnumbersorothercrucialdataelements.JPMorganChasealsomountedamajorPRcampaigntoutingitssecurityprogramandspendinginordertosatisfycustomersandregulatorsofitsdiligence.Attheendof2014,SonyPicturesEntertainmentannouncedthatithad
beenhacked,withamassivereleaseofinternaldata.Atthetimeofthiswriting,hackershaveclaimedtohavestolenasmuchas100terabytesofdata,includinge-mails,financialdocuments,intellectualproperty,personaldata,HRinformation…inessence,almosteverything.AdditionalreportsindicatethedestructionofdatawithinSony;althoughtheextentofthedamageisnotknown,atleastoneoftheelementsofmalwareassociatedwiththeattackisknownfordestroyingtheMasterBootRecord(MBR)ofdrives.AttributionintheSonyattackisalsotricky,astheU.S.governmenthasaccusedNorthKorea,whileothergroupshaveclaimedresponsibility,andsomeinvestigatorsclaimitwasaninsidejob.Itmaytakeyearstodeterminecorrectattribution,ifitisevenpossible.
Nation-StateHacking(2013–present)Nation-stateshavebecomearecognizedissueinsecurity,fromtheGreatFirewallofChinatomodernmalwareattacksfromawiderangeof
governments.Threatintelligencebecamemorethanabuzzwordin2014asfirmssuchasCrowdStrikeexposedsophisticatedhackingactorsinChina,Russia,andothercountries.In2014CrowdStrikereportedon39differentthreatactors,includingcriminals,hactivists,state-sponsoredgroups,andnation-states.Learninghowtheseadversariesactprovidesvaluablecluestotheirdetectionintheenterprise.GroupssuchasChina’sHurricanePandarepresentarealsecuritythreat.HurricanePandafocusesonaerospacefirmsandInternetservicecompanies.NotallthreatsarefromChina.Russiaiscreditedwithitsownshareof
malware.Attributionisdifficult,andsometimestheonlyhintsareclues,suchasthetimelinesofcommandandcontrolserversforEnergeticBear,anattackontheenergyindustryinEuropefromtheDragonflygroup.TheReginplatform,acompletemalwareplatform,possiblyinoperationforoveradecade,hasbeenshowntoattacktelecomoperators,financialinstitutions,governmentagencies,andpoliticalbodies.Reginisinterestingbecauseofitsstealth,itscomplexity,anditsabilitytohideitscommandandcontrolnetworkfrominvestigators.Althoughhighlysuspectedtobedeployedbyanation-state,itsattributionremainsunsolved.In2015,databreachesandnation-statehackinghitnewhighswiththe
lossofover20millionsensitivepersonnelfilesfromthecomputersattheU.S.OfficeofPersonnelManagement(OPM).ThisOPMloss,reportedlytoChina,wasextremelydamaginginthatthedatalossconsistedofthecompletebackgroundinvestigationsonpeopleswhohadsubmittedsecurityclearances.Theserecordsdetailedextensivepersonalinformationontheapplicantsandtheirfamilymembers,providinganadversarywithdetailedintelligenceknowledge.InthesameyearitwasreportedthatemailsystemsintheDepartmentofState,theDepartmentofDefense,andtheWhiteHousehadbeencompromised,possiblybybothRussiaandChina.ThesensitivenuclearnegotiationsinSwitzerlandbetweentheU.S.,itsallies,andIranwerealsoreportedtohavebeensubjecttoelectroniceavesdroppingbypartiesyetunknown.
OperationNightDragonwasanamegiventoanintellectualpropertyattackexecutedagainstoil,gas,andpetrochemicalcompaniesintheUnitedStates.Usingasetofglobalservers,attackersfromChinaraidedglobalenergycompaniesforproprietaryandhighlyconfidentialinformationsuchasbiddingdataforleases.Theattackshednewlightonwhatconstitutescriticaldataandassociatedrisks.
ThreatstoSecurityTheincidentsdescribedintheprevioussectionsprovideaglimpseintothemanydifferentthreatsthatfaceadministratorsastheyattempttoprotecttheircomputersystemsandnetworks.Thereare,ofcourse,thenormalnaturaldisastersthatorganizationshavefacedforyears.Intoday’shighlynetworkedworld,however,newthreatshavedevelopedthatwedidnothavetoworryabout50yearsago.Thereareanumberofwaysthatwecanbreakdownthevariousthreats.
Onewaytocategorizethemistoseparatethreatsthatcomefromoutsideoftheorganizationfromthosethatareinternal.Anotheristolookatthevariouslevelsofsophisticationoftheattacks,fromthoseby“scriptkiddies”tothoseby“elitehackers.”Athirdistoexaminetheleveloforganizationofthevariousthreats,fromunstructuredthreatstohighlystructuredthreats.Allofthesearevalidapproaches,andtheyinfactoverlapeachother.Thefollowingsectionsexaminethreatsfromtheperspectiveofwheretheattackcomesfrom.
VirusesandWormsWhileyourorganizationmaybeexposedtovirusesandwormsasaresultofemployeesnotfollowingcertainpracticesorprocedures,generallyyouwillnothavetoworryaboutyouremployeeswritingorreleasingvirusesandworms.Itisimportanttodrawadistinctionbetweenthewritersofmalwareandthosewhoreleasemalware.Debatesovertheethicsofwritingvirusespermeatetheindustry,butcurrently,simplywritingthemis
notconsideredacriminalactivity.Avirusislikeabaseballbat;thebatitselfisnotevil,buttheinappropriateuseofthebat(suchastosmashacar’swindow)fallsintothecategoryofcriminalactivity.(Somemayarguethatthisisnotaverygoodanalogysinceabaseballbathasausefulpurpose—toplayball—butviruseshavenousefulpurpose.Ingeneral,thisistrue,butinsomelimitedenvironments,suchasinspecializedcomputersciencecourses,thestudyandcreationofvirusescanbeconsideredausefullearningexperience.)
CrossCheckMalwareVirusesandwormsarejusttwotypesofthreatsthatfallunderthegeneralheadingofmalware.Thetermmalwarecomesfrom“malicioussoftware,”whichdescribestheoverallpurposeofcodethatfallsintothiscategoryofthreat.Malwareissoftwarethathasanefariouspurpose,designedtocauseproblemstoyouasanindividual(forexample,identitytheft)oryoursystem.MoreinformationonthedifferenttypesofmalwareisprovidedinChapter15.
Bynumber,virusesandwormsarethemostcommonproblemthatanorganizationfacesbecauseliterallythousandsofthemhavebeencreatedandreleased.Fortunately,antivirussoftwareandsystempatchingcaneliminatethelargestportionofthisthreat.Virusesandwormsgenerallyarealsonondiscriminatingthreats;theyarereleasedontheInternetinageneralfashionandaren’ttargetedataspecificorganization.Theytypicallyarealsohighlyvisibleoncereleased,sotheyaren’tthebesttooltouseinhighlystructuredattackswheresecrecyisvital.
IntrudersTheactofdeliberatelyaccessingcomputersystemsandnetworkswithoutauthorizationisgenerallyreferredtoashacking,withindividualswhoconductthisactivitybeingreferredtoashackers.Thetermhackingalsoappliestotheactofexceedingone’sauthorityinasystem.Thiswouldincludeauthorizeduserswhoattempttogainaccesstofilestheyaren’t
permittedtoaccessorwhoattempttoobtainpermissionsthattheyhavenotbeengranted.Whiletheactofbreakingintocomputersystemsandnetworkshasbeenglorifiedinthemediaandmovies,thephysicalactdoesnotliveuptotheHollywoodhype.Intrudersare,ifnothingelse,extremelypatient,sincetheprocesstogainaccesstoasystemtakespersistenceanddoggeddetermination.Theattackerwillconductmanypre-attackactivitiesinordertoobtaintheinformationneededtodeterminewhichattackwillmostlikelybesuccessful.Typically,bythetimeanattackislaunched,theattackerwillhavegatheredenoughinformationtobeveryconfidentthattheattackwillsucceed.Generally,attacksbyanindividualorevenasmallgroupofattackers
fallintotheunstructuredthreatcategory.Attacksatthislevelgenerallyareconductedovershortperiodsoftime(lastingatmostafewmonths),donotinvolvealargenumberofindividuals,havelittlefinancialbacking,andareaccomplishedbyinsidersoroutsiderswhodonotseekcollusionwithinsiders.Intruders,orthosewhoareattemptingtoconductanintrusion,definitelycomeinmanydifferentvarietiesandhavevaryingdegreesofsophistication(seeFigure1.1).Atthelowendtechnicallyarewhataregenerallyreferredtoasscriptkiddies,individualswhodonothavethetechnicalexpertisetodevelopscriptsordiscovernewvulnerabilitiesinsoftwarebutwhohavejustenoughunderstandingofcomputersystemstobeabletodownloadandrunscriptsthatothershavedeveloped.Theseindividualsgenerallyarenotinterestedinattackingspecifictargets,butinsteadsimplywanttofindanyorganizationthatmaynothavepatchedanewlydiscoveredvulnerabilityforwhichthescriptkiddiehaslocatedascripttoexploitthevulnerability.Itishardtoestimatehowmanyoftheindividualsperformingactivitiessuchasprobingnetworksorscanningindividualsystemsarepartofthisgroup,butitisundoubtedlythefastestgrowinggroupandthevastmajorityofthe“unfriendly”activityoccurringontheInternetisprobablycarriedoutbytheseindividuals.
•Figure1.1Distributionofattackerskilllevels
Atthenextlevelarethosepeoplewhoarecapableofwritingscriptstoexploitknownvulnerabilities.Theseindividualsaremuchmoretechnicallycompetentthanscriptkiddiesandaccountforanestimated8to12percentofmaliciousInternetactivity.Atthetopendofthisspectrumarethosehighlytechnicalindividuals,oftenreferredtoaselitehackers,whonotonlyhavetheabilitytowritescriptsthatexploitvulnerabilitiesbutalsoarecapableofdiscoveringnewvulnerabilities.Thisgroupisthesmallestofthelot,however,andisresponsiblefor,atmost,only1to2percentofintrusiveactivity.
Insiders
Itisgenerallyacknowledgedbysecurityprofessionalsthatinsidersaremoredangerousinmanyrespectsthanoutsideintruders.Thereasonforthisissimple—insidershavetheaccessandknowledgenecessarytocauseimmediatedamagetoanorganization.Mostsecurityisdesignedtoprotectagainstoutsideintrudersandthusliesattheboundarybetweentheorganizationandtherestoftheworld.Insidersmayactuallyalreadyhavealltheaccesstheyneedtoperpetratecriminalactivitysuchasfraud.Inadditiontounprecedentedaccess,insidersalsofrequentlyhaveknowledgeofthesecuritysystemsinplaceandarebetterabletoavoiddetection.Attacksbyinsidersareoftentheresultofemployeeswhohavebecomedisgruntledwiththeirorganizationandarelookingforwaystodisruptoperations.Itisalsopossiblethatan“attack”byaninsidermaybeanaccidentandnotintendedasanattackatall.Anexampleofthismightbeanemployeewhodeletesacriticalfilewithoutunderstandingitscriticalnature.
TechTip
TheInsideThreatOneofthehardestthreatsthatsecurityprofessionalswillhavetoaddressisthatoftheinsider.Sinceemployeesalreadyhaveaccesstotheorganizationanditsassets,additionalmechanismsneedtobeinplacetodetectattacksbyinsidersandtolessentheabilityoftheseattackstosucceed.
Employeesarenottheonlyinsidersthatorganizationsneedtobeconcernedabout.Often,numerousotherindividualshavephysicalaccesstocompanyfacilities.Custodialcrewsfrequentlyhaveunescortedaccessthroughoutthefacility,oftenwhennobodyelseisaround.Otherindividuals,suchascontractorsorpartners,mayhavenotonlyphysicalaccesstotheorganization’sfacilitiesbutalsoaccesstocomputersystemsandnetworks.AcontractorinvolvedinU.S.Intelligencecomputing,EdwardSnowden,waschargedwithespionagein2013afterhereleasedawiderangeofdataillustratingthetechnicalcapabilitiesofU.S.
intelligencesurveillancesystems.Heistheultimateinsiderwithhisnamebecomingsynonymouswiththeinsiderthreatissue.
CriminalOrganizationsAsbusinessesbecameincreasinglyreliantuponcomputersystemsandnetworks,andastheamountoffinancialtransactionsconductedviatheInternetincreased,itwasinevitablethatcriminalorganizationswouldeventuallyturntotheelectronicworldasanewtargettoexploit.CriminalactivityontheInternetatitsmostbasicisnodifferentfromcriminalactivityinthephysicalworld.Fraud,extortion,theft,embezzlement,andforgeryalltakeplaceintheelectronicenvironment.Onedifferencebetweencriminalgroupsandthe“average”hackeristhe
leveloforganizationthatcriminalelementsemployintheirattack.Criminalgroupstypicallyhavemoremoneytospendonaccomplishingthecriminalactivityandarewillingtospendextratimeaccomplishingthetaskprovidedthelevelofrewardattheconclusionisgreatenough.WiththetremendousamountofmoneythatisexchangedviatheInternetonadailybasis,thelevelofrewardforasuccessfulattackishighenoughtointerestcriminalelements.Attacksbycriminalorganizationsusuallyfallintothestructuredthreatcategory,whichischaracterizedbyagreateramountofplanning,alongerperiodoftimetoconducttheactivity,morefinancialbackingtoaccomplishit,andpossiblycorruptionof,orcollusionwith,insiders.
Nation-States,Terrorists,andInformationWarfareAsnationshaveincreasinglybecomedependentoncomputersystemsandnetworks,thepossibilitythattheseessentialelementsofsocietymightbetargetedbyorganizationsornationsdeterminedtoadverselyaffectanothernationhasbecomeareality.Manynationstodayhavedevelopedtosomeextentthecapabilitytoconductinformationwarfare.Thereareseveraldefinitionsforinformationwarfare,butasimpleoneisthatitiswarfareconductedagainsttheinformationandinformationprocessingequipmentusedbyanadversary.Inpractice,thisisamuchmorecomplicatedsubject,
becauseinformationnotonlymaybethetargetofanadversary,butalsomaybeusedasaweapon.Whateverdefinitionyouuse,informationwarfarefallsintothehighlystructuredthreatcategory.Thistypeofthreatischaracterizedbyamuchlongerperiodofpreparation(yearsisnotuncommon),tremendousfinancialbacking,andalargeandorganizedgroupofattackers.Thethreatmayincludeattemptsnotonlytosubvertinsidersbutalsotoplantindividualsinsideofapotentialtargetinadvanceofaplannedattack.
TechTip
InformationWarfareOnceonlytheconcernofgovernmentsandthemilitary,informationwarfaretodaycaninvolvemanyotherindividuals.Withthepotentialtoattackthevariouscivilian-controlledcriticalinfrastructures,securityprofessionalsinnongovernmentalsectorstodaymustalsobeconcernedaboutdefendingtheirsystemsagainstattackbyagentsofforeigngovernments.
Aninterestingaspectofinformationwarfareisthelistofpossibletargetsavailable.Wehavegrownaccustomedtotheideathat,duringwar,militaryforceswilltargetopposingmilitaryforcesbutwillgenerallyattempttodestroyaslittlecivilianinfrastructureaspossible.Ininformationwarfare,militaryforcesarecertainlystillakeytarget,butmuchhasbeenwrittenaboutothertargets,suchasthevariousinfrastructuresthatanationreliesonforitsdailyexistence.Water,electricity,oilandgasrefineriesanddistribution,bankingandfinance,telecommunications—allfallintothecategoryofcriticalinfrastructuresforanation.Criticalinfrastructuresarethosewhoselosswouldhavesevererepercussionsonthenation.Withcountriesrelyingsoheavilyontheseinfrastructures,itisinevitablethattheywillbeviewedasvalidtargetsduringconflict.Givenhowdependenttheseinfrastructuresareoncomputersystemsandnetworks,itisalsoinevitablethatthesesamecomputersystemsandnetworkswillbetargetedforacyberattackinaninformationwar.
AsdemonstratedbytheStuxnetattacks,andthecyberattacksinEstonia,theriskofnation-stateattacksisreal.Therehavebeennumerousaccusationsofintellectualpropertytheftbeingsponsoredby,andinsomecasesevenperformedby,nation-stateactors.Inaworldwhereinformationdominatesgovernment,business,andeconomies,thecollectionofinformationisthekeytosuccess,andwithlargerewards,thelistofcharacterswillingtospendsignificantresourcesishigh.
SecurityTrendsThebiggestchangeaffectingcomputersecuritythathasoccurredoverthelast30yearshasbeenthetransformationofthecomputingenvironmentfromlargemainframestoahighlyinterconnectednetworkofsmallersystems.ThisinterconnectionofsystemsistheInternetanditnowtouchesvirtuallyallsystems.Whatthishasmeantforsecurityisaswitchfromaclosedoperatingenvironmentinwhicheverythingwasfairlycontainedtooneinwhichaccesstoacomputercanoccurfromalmostanywhereontheplanet.Thishas,forobviousreasons,greatlycomplicatedthejobofthesecurityprofessional.Thetypeofindividualwhoattacksacomputersystemornetworkhas
alsoevolvedoverthelast30years.Asillustratedbythesampleofattackslistedpreviously,theattackershavebecomemorefocusedongainovernotoriety.Todaycomputerattacksareusedtostealandcommitfraudandothercrimesinthepursuitofmonetaryenrichment.Computercrimesarebigbusinesstoday,notjustbecauseitishardtocatchtheperpetrators,butalsobecausethenumberoftargetsislargeandtherewardsgreaterthanrobbinglocalstores.Overthepastseveralyearsawiderangeofcomputerindustryfirms
havebegunissuingannualsecurityreports.AmongthesefirmsisVerizon,whichhasissueditsannualDataBreachInvestigationsReport(DBIR)since2008andislaudedbecauseofitsbreadthanddepth.The2015DBIRwasbasedonover2,100databreachesand79,790securityincidentsin61countries.PerhapsthemostvaluableaspectoftheDBIRisits
identificationofcommondetailsthatresultinadatabreach.TheVerizonDBIRsareavailableatwww.verizonenterprise.com/DBIR/
Intheearlydaysofcomputers,securitywasconsideredtobeabinaryconditioninwhichyoursystemwaseithersecureornotsecure.Securityeffortsweremadetoachieveastateofsecurity,meaningthatthesystemwassecure.Today,thefocushaschanged.Inlightoftherevelationthatapurestateofsecurityisnotachievableinthebinarysense,thefocushasshiftedtooneofriskmanagement.Today,thequestionishowmuchriskyoursystemisexposedto,andfromwhatsources.
TargetsandAttacksTherearetwogeneralreasonsaparticularcomputersystemisattacked:eitheritisspecificallytargetedbytheattacker,oritisanopportunistictarget.
SpecificTargetInthiscase,theattackerhaschosenthetargetnotbecauseofthehardwareorsoftwaretheorganizationisrunningbutforanotherreason,perhapsapoliticalreason.Anexampleofthistypeofattackwouldbeanindividualinonecountryattackingagovernmentsysteminanother.Alternatively,theattackermaybetargetingtheorganizationaspartofahacktivistattack.Forexample,anattackermaydefacethewebsiteofacompanythatsellsfurcoatsbecausetheattackerfeelsthatusinganimalsinthiswayisunethical.Perpetratingsomesortofelectronicfraudisanotherreasonaspecificsystemmightbetargeted.Whateverthereason,anattackofthisnatureisdecideduponbeforetheattackerknowswhathardwareandsoftwaretheorganizationhas.
Themotivebehindmostcomputerattacksfallsintooneoftwocategories:1.Todeprivesomeonetheuseoftheirsystem.2.Tousesomeoneelse’ssystemtoenrichoneself.Insomecases,theuseofadenial-of-serviceattack(item1)precedestheactualheist(item2).
OpportunisticTargetThesecondtypeofattack,anattackagainstatargetofopportunity,isconductedagainstasitethathassoftwarethatisvulnerabletoaspecificexploit.Theattackers,inthiscase,arenottargetingtheorganization;instead,theyhavelearnedofavulnerabilityandaresimplylookingforanorganizationwiththisvulnerabilitythattheycanexploit.Thisisnottosaythatanattackermightnotbetargetingagivensectorandlookingforatargetofopportunityinthatsector,however.Forexample,anattackermaydesiretoobtaincreditcardorotherpersonalinformationandmaysearchforanyexploitablecompanywithcreditcardinformationinordertocarryouttheattack.Targetedattacksaremoredifficultandtakemoretimethanattacksona
targetofopportunity.Thelattersimplyreliesonthefactthatwithanypieceofwidelydistributedsoftware,therewillalmostalwaysbesomebodywhohasnotpatchedthesystem(orhasnotpatcheditproperly)astheyshouldhave.
MinimizingPossibleAvenuesofAttackUnderstandingthestepsanattackerwilltakeenablesyoutolimittheexposureofyoursystemandminimizethoseavenuesanattackermightpossiblyexploit.Therearemultipleelementstoasolidcomputerdefense,buttwoofthekeyelementsinvolvelimitinganattacker’savenuesofattack.Thefirststepanadministratorcantaketoreducepossibleattacksistoensurethatallpatchesfortheoperatingsystemandapplicationsare
installed.Manysecurityproblemsthatwereadabout,suchasvirusesandworms,exploitknownvulnerabilitiesforwhichpatchesexist.Thereasonsuchmalwarecausedsomuchdamageinthepastwasthatadministratorsdidnottaketheappropriateactionstoprotecttheirsystems.Thesecondstepanadministratorcantakeissystemhardening,which
involveslimitingtheservicesthatarerunningonthesystem.Onlyusingthoseservicesthatareabsolutelyneededdoestwothings:itlimitsthepossibleavenuesofattack(thoseserviceswithvulnerabilitiesthatcanbeexploited),anditreducesthenumberofservicestheadministratorhastoworryaboutpatchinginthefirstplace.Thisisoneoftheimportantfirststepsanyadministratorshouldtaketosecureacomputersystem.SystemhardeningiscoveredindetailinChapter14.Whiletherearenoiron-claddefensesagainstattack,orguaranteesthat
anattackwon’tbesuccessful,youcantakestepstoreducetheriskofloss.Thisisthebasisforthechangeinstrategyfromadefense-basedonetoonebasedonriskmanagement.RiskmanagementiscoveredindetailinChapter20.
ApproachestoComputerSecurityWhilemuchofthediscussionofcomputersecurityfocusesonhowsystemsareattacked,itisequallyimportanttoconsiderthestructureofdefenses.Therearethreemajorconsiderationswhensecuringasystem:
CorrectnessEnsuringthatasystemisfullyuptodate,withallpatchesinstalledandpropersecuritycontrolsinplace;thisgoesalongwaytowardminimizingrisk.Correctnessbeginswithasecuredevelopmentlifecycle(coveredinChapter18),continuesthroughpatchingandhardening(Chapters14and21),andculminatesinoperations(Chapters3,4,19,and20).
IsolationProtectingasystemfromunauthorizeduse,bymeansofaccesscontrolandphysicalsecurity.Isolationbeginswith
infrastructure(coveredinChapters9and10),continueswithaccesscontrol(Chapters8,11,and12),andincludestheuseofcryptography(Chapters5,6,and7).
ObfuscationMakingitdifficultforanadversarytoknowwhentheyhavesucceeded.Whetheraccomplishedbyobscurity,randomization,orobfuscation,increasingtheworkloadofanattackermakesitmoredifficultforthemtosucceedintheirattack.Obfuscationoccursthroughoutalltopics,asitisabuilt-inelement,whetherintheformofrandomnumbersincryptooraddressspacerandomizations,stackguards,orpointerencryptionattheoperatingsystemlevel.
Eachoftheseapproacheshasitsinherentflaws,buttakentogether,theycanprovideastrongmeansofsystemdefense.
EthicsAnymeaningfuldiscussionaboutoperationalaspectsofinformationsecuritymustincludethetopicofethics.Ethicsiscommonlydefinedasasetofmoralprinciplesthatguidesanindividual’sorgroup’sbehavior.Becauseinformationsecurityeffortsfrequentlyinvolvetrustingpeopletokeepsecretsthatcouldcauseharmtotheorganizationifrevealed,trustisafoundationalelementinthepeoplesideofsecurity.Andtrustisbuiltuponacodeofethics,anormthatallowseveryonetounderstandexpectationsandresponsibilities.Thereareseveraldifferentethicalframeworksthatcanbeappliedtomakingadecision,andthesearecoveredindetailinChapter25.Ethicsisadifficulttopic;separatingrightfromwrongiseasyinmany
cases,butinothercasesitismoredifficult.Forexample,writingavirusthatdamagesasystemisclearlybadbehavior,butiswritingawormthatgoesoutandpatchessystems,withouttheusers’permission,rightorwrong?Doestheendsjustifythemeans?Suchquestionsarethebasisofethicaldiscussionsthatdefinethechallengesfacedbysecuritypersonnel
onaregularbasis.
AdditionalReferences1.http://en.wikipedia.org/wiki/Timeline_of_computer_security_hacker_history2.http://www.informationisbeautiful.net/visualizations/worlds-biggest-
data-breaches-hacks/www.verizonenterprise.com/DBIR/
Chapter1Review
ChapterSummaryAfterreadingthischapterandcompletingthequizzes,youshouldunderstandthefollowingregardingsecuritythreatsandtrends.
Definecomputersecurity
Computersecurityisdefinedbyoperatinginamannerwherethesystemdoeswhatitissupposedtodoandonlywhatitissupposedtodo.
Informationsecurityisdefinedbytheinformationbeingprotectedfromunauthorizedaccessoralterationandyetisavailabletoauthorizedindividualswhenrequired.
Discusscommonthreatsandrecentcomputercrimesthathavebeencommitted
Thereareanumberofdifferentthreatstosecurity,includingvirusesandworms,intruders,insiders,criminalorganizations,terrorists,andinformationwarfareconductedbyforeigncountries.
Therearetwogeneralreasonsaparticularcomputersystemisattacked:itisspecificallytargetedbytheattacker,oritisatargetofopportunity.
Targetedattacksaremoredifficultandtakemoretimethanattacksonatargetofopportunity.
Thedifferenttypesofelectroniccrimefallintotwomaincategories:crimesinwhichthecomputerwasthetargetoftheattack,andincidentsinwhichthecomputerwasameansofperpetratingacriminalact.
Onesignificanttrendobservedoverthelastseveralyearshasbeentheincreaseinthenumberofcomputerattacksandtheireffectiveness.
Listanddiscussrecenttrendsincomputersecurity
Therearemanydifferentwaystoattackcomputersandnetworkstotakeadvantageofwhathasmadeshopping,banking,investment,andleisurepursuitsasimplematterof“draggingandclicking”formanypeople.
Thebiggestchangethathasoccurredinsecurityoverthelast30yearshasbeenthetransformationofthecomputingenvironmentfromlargemainframestoahighlyinterconnectednetworkofmuchsmallersystems.
Describecommonavenuesofattacks
Anattackercanuseacommontechniqueagainstawiderangeoftargetsinanopportunisticattack,onlysucceedingwheretheattackisviable.
Anattackercanemployavarietyoftechniquesagainstaspecifictargetwhenitisdesiredtoobtainaccesstoaspecificsystem.
Describeapproachestocomputersecurity
Therearethreemainapproachesanenterprisecanemploy,onebasedoncorrectness,oneinvolvingisolation,andoneinvolvingobfuscation.
Theidealmethodistoemployallthreetogether.
Discusstherelevantethicalissuesassociatedwithcomputersecurity
Ethicsiscommonlydefinedasasetofmoralprinciplesthatguidesanindividual’sorgroup’sbehaviors.
Becauseinformationsecurityeffortsfrequentlyinvolvetrustingpeopletokeepsecretsthatcouldcauseharmtotheorganizationifrevealed,trustisafoundationalelementinthepeoplesideofsecurity.
KeyTermscomputersecurity(1)criticalinfrastructure(11)elitehacker(9)hacker(9)hacking(9)hacktivist(12)highlystructuredthreat(11)informationwarfare(10)scriptkiddie(9)structuredthreat(10)unstructuredthreat(9)
KeyTermsQuizUsetermsfromtheKeyTermslisttocompletethesentencesthatfollow.Don’tusethesametermmorethanonce.Notalltermswillbeused.
1.A(n)_______________ischaracterizedbyagreateramountofplanning,alongerperiodoftimetoconducttheactivity,morefinancialbackingtoaccomplishit,andthepossiblecorruptionof,or
collusionwith,insiders.
2.Ahackerwhoseactivitiesaremotivatedbyapersonalcauseorpositionisknownasa(n)_______________.
3.A(n)_______________isonewhoselosswouldhaveaseveredetrimentalimpactonthenation.
4._______________isconductedagainsttheinformationandinformationprocessingequipmentusedbyanadversary.
5.Actorswhodeliberatelyaccesscomputersystemsandnetworkswithoutauthorizationarecalled_______________.
6.A(n)_______________generallyisshort-terminnature,doesnotinvolvealargegroupofindividuals,doesnothavelargefinancialbacking,anddoesnotincludecollusionwithinsiders.
7.A(n)_______________isahighlytechnicallycompetentindividualwhoconductsintrusiveactivityontheInternetandiscapableofnotonlyexploitingknownvulnerabilitiesbutalsofindingnewvulnerabilities.
8.Theactofdeliberatelyaccessingcomputersystemsandnetworkswithoutauthorizationisgenerallyreferredtoas_______________.
9.A(n)_______________isanindividualwhodoesnothavethetechnicalexpertisetodevelopscriptsordiscovernewvulnerabilitiesinsoftwarebutwhohasjustenoughunderstandingofcomputersystemstobeabletodownloadandrunscriptsthatothershavedeveloped.
10.A(n)_______________ischaracterizedbyamuchlongerperiodofpreparation(yearsisnotuncommon),tremendousfinancialbacking,andalargeandorganizedgroupofattackers.
Multiple-ChoiceQuiz
1.Whichthreatsarecharacterizedbypossiblylongperiodsofpreparation(yearsisnotuncommon),tremendousfinancialbacking,alargeandorganizedgroupofattackers,andattemptstosubvertinsidersortoplantindividualsinsideapotentialtargetinadvanceofaplannedattack?
A.Unstructuredthreats
B.Structuredthreats
C.Highlystructuredthreats
D.Nation-stateinformationwarfarethreats
2.Inwhichofthefollowingisanattackerlookingforanyorganizationvulnerabletoaspecificexploitratherthanattemptingtogainaccesstoaspecificorganization?
A.Targetofopportunityattack
B.Targetedattack
C.Vulnerabilityscanattack
D.Informationwarfareattack
3.Theriseofwhichofthefollowinghasgreatlyincreasedthenumberofindividualswhoprobeorganizationslookingforvulnerabilitiestoexploit?
A.Viruswriters
B.Scriptkiddies
C.Hackers
D.Elitehackers
4.Forwhatreason(s)dosomesecurityprofessionalsconsiderinsidersmoredangerousthanoutsideintruders?
A.Employees(insiders)areeasilycorruptedbycriminalandother
organizations.
B.Insidershavetheaccessandknowledgenecessarytocauseimmediatedamagetotheorganization.
C.Insidershaveknowledgeofthesecuritysystemsinplaceandarebetterabletoavoiddetection.
D.BothBandC
5.Theactofdeliberatelyaccessingcomputersystemsandnetworkswithoutauthorizationisgenerallyknownas:
A.Computerintrusion
B.Hacking
C.Cracking
D.Probing
6.Whatisthemostcommonproblem/threatanorganizationfaces?A.Viruses/worms
B.Scriptkiddies
C.Hackers
D.Hacktivists
7.Warfareconductedagainsttheinformationandinformationprocessingequipmentusedbyanadversaryisknownas:
A.Hacking
B.Cyberterrorism
C.Informationwarfare
D.Networkwarfare
8.Anattackerwhofeelsthatusinganimalstomakefurcoatsis
unethicalandthusdefacesthewebsiteofacompanythatsellsfurcoatsisanexampleof:
A.Informationwarfare
B.Hacktivisim
C.Cybercrusading
D.Elitehacking
9.Criminalorganizationswouldnormallybeclassifiedaswhattypeofthreat?
A.Unstructured
B.Unstructuredbuthostile
C.Structured
D.Highlystructured
10.Whichofthefollowingindividualshavetheabilitytonotonlywritescriptsthatexploitvulnerabilitiesbutalsodiscovernewvulnerabilities?
A.Elitehackers
B.Scriptkiddies
C.Hacktivists
D.Insiders
EssayQuiz1.Rereadthevariousexamplesofcomputercrimesatthebeginningof
thischapter.Categorizeeachaseitheracrimewherethecomputerwasthetargetofthecriminalactivityoracrimeinwhichthecomputerwasatoolinaccomplishingthecriminalactivity.
2.Afriendofyourshasjustbeenhiredbyanorganizationasitscomputersecurityofficer.Yourfriendisabitnervousaboutthisnewjobandhascometoyou,knowingthatyouaretakingacomputersecurityclass,toaskyouradviceonmeasuresthatcanbetakenthatmighthelppreventanintrusion.Whatthreethingscanyousuggestthataresimplebutcantremendouslyhelplimitthepossibilityofanattack?
3.Discussthemajordifferencebetweenatargetofopportunityattackandatargetedattack.Whichdoyoubelieveisthemorecommonone?
LabProject
•LabProject1.1Anumberofdifferentexamplesofcomputercrimeswerediscussedinthischapter.Similaractivitiesseemtohappendaily.DoasearchontheInternettoseewhatotherexamplesyoucanfind.Tryandobtainthemostrecentexamplespossible.
chapter2 GeneralSecurityConcepts
I
“Apeoplethatvaluesitsprivilegesaboveitsprinciplessoonlosesboth.”
—DWIGHTD.EISENHOWER
Inthischapter,youwilllearnhowto
Definebasictermsassociatedwithcomputerandinformationsecurity
Identifythebasicapproachestocomputerandinformationsecurity
Identifythebasicprinciplesofcomputerandinformationsecurity
Distinguishamongvariousmethodstoimplementaccesscontrols
Describemethodsusedtoverifytheidentityandauthenticityofanindividual
Recognizesomeofthebasicmodelsusedtoimplementsecurityinoperatingsystems
nChapter1,youlearnedaboutsomeofthevariousthreatsthatwe,assecurityprofessionals,faceonadailybasis.Inthischapter,youstartexploringthefieldofcomputersecurity.Computersecurityhasaseries
offundamentalconceptsthatsupportthediscipline.Inthischapterwewillbeginwithanexaminationofsecuritymodelsandconceptsandproceedtoseehowtheyareoperationallyemployed.
BasicSecurityTerminologyThetermhackinghasbeenusedfrequentlyinthemedia.Ahackerwasonceconsideredanindividualwhounderstoodthetechnicalaspectsofcomputeroperatingsystemsandnetworks.Hackerswereindividualsyouturnedtowhenyouhadaproblemandneededextremetechnicalexpertise.Today,primarilyasaresultofthemedia,thetermisusedmoreoftentorefertoindividualswhoattempttogainunauthorizedaccesstocomputersystemsornetworks.Whilesomewouldprefertousethetermscrackerandcrackingwhenreferringtothisnefarioustypeofactivity,theterminologygenerallyacceptedbythepublicisthatofhackerandhacking.Arelatedtermthatmaysometimesbeseenisphreaking,whichrefersto
the“hacking”ofthesystemsandcomputersusedbyatelephonecompanytooperateitstelephonenetwork.
Thefieldofcomputersecurityconstantlyevolves,introducingnewtermsfrequently,whichareoftencoinedbythemedia.Makesuretolearnthemeaningoftermssuchashacking,phreaking,vishing,phishing,pharming,andspearphishing.Someofthesehavebeenaroundformanyyears,suchashacking,whereasothershaveappearedonlyinthelastfewyears,suchasspearphishing.
SecurityBasicsComputersecurityitselfisatermthathasmanymeaningsandrelatedterms.Computersecurityentailsthemethodsusedtoensurethatasystemissecure.Subjectssuchasauthenticationandaccesscontrolsmustbeaddressedinbroadtermsofcomputersecurity.Seldomintoday’sworldarecomputersnotconnectedtoothercomputersinnetworks.Thisthenintroducesthetermnetworksecuritytorefertotheprotectionofthemultiplecomputersandotherdevicesthatareconnectedtogether.Relatedtothesetwotermsaretwoothers:informationsecurityandinformationassurance,whichplacethefocusofthesecurityprocessnotonthehardwareandsoftwarebeingusedbutonthedatathatisprocessedbythem.Assurancealsointroducesanotherconcept,thatoftheavailabilityofthesystemsandinformationwhenwewantthem.Thecommonpressandmanyprofessionalshavesettledoncybersecurityasthetermtodescribethefield.StillanothertermthatmaybeheardinthesecurityworldisCOMSEC,whichstandsforcommunicationssecurityanddealswiththesecurityoftelecommunicationsystems.Cybersecurityhasbecomeregularheadlinenewsthesedays,with
reportsofbreak-ins,databreaches,fraud,andahostofothercalamities.Thegeneralpublichasbecomeincreasinglyawareofitsdependenceoncomputersandnetworksandconsequentlyhasalsobecomeinterestedin
thesecurityofthesesamecomputersandnetworks.Asaresultofthisincreasedattentionbythepublic,severalnewtermshavebecomecommonplaceinconversationsandprint.Termssuchashacking,virus,TCP/IP,encryption,andfirewallsarenowfrequentlyencounteredinmainstreamnewsmediaandhavefoundtheirwayintocasualconversations.Whatwasoncethepurviewofscientistsandengineersisnowpartofoureverydaylife.Withourincreaseddailydependenceoncomputersandnetworksto
conducteverythingfrommakingpurchasesatourlocalgrocerystore,banking,tradingstocks,andreceivingmedicaltreatmenttodrivingourchildrentoschool,ensuringthatcomputersandnetworksaresecurehasbecomeofparamountimportance.Computersandtheinformationtheymanipulatehasbecomeapartofvirtuallyeveryaspectofourlives.
The“CIA”ofSecurityAlmostfromitsinception,thegoalofcomputersecurityhasbeenthreefold:confidentiality,integrity,andavailability—the“CIA”ofsecurity.Thepurposeofconfidentialityistoensurethatonlythoseindividualswhohavetheauthoritytoviewapieceofinformationmaydoso.Nounauthorizedindividualshouldeverbeabletoviewdatatheyarenotentitledtoaccess.Integrityisarelatedconceptbutdealswiththegenerationandmodificationofdata.Onlyauthorizedindividualsshouldeverbeabletocreateorchange(ordelete)information.Thegoalofavailabilityistoensurethatthedata,orthesystemitself,isavailableforusewhentheauthorizeduserwantsit.
TechTip
CIAofSecurityWhilethereisnouniversalagreementonauthentication,auditability,andnonrepudiationasadditionstotheoriginalCIAofsecurity,thereislittledebateoverwhetherconfidentiality,integrity,andavailabilityarebasicsecurityprinciples.Understandtheseprinciples,becauseoneormoreofthemarethereasonmostsecurityhardware,software,policies,and
proceduresexist.
Asaresultoftheincreaseduseofnetworksforcommerce,twoadditionalsecuritygoalshavebeenaddedtotheoriginalthreeintheCIAofsecurity.Authenticationattemptstoensurethatanindividualiswhotheyclaimtobe.Theneedforthisinanonlinetransactionisobvious.Relatedtothisisnonrepudiation,whichdealswiththeabilitytoverifythatamessagehasbeensentandreceivedandthatthesendercanbeidentifiedandverified.Therequirementforthiscapabilityinonlinetransactionsshouldalsobereadilyapparent.Recentemphasisonsystemsassurancehasraisedthepotentialinclusionofthetermauditability,whichreferstowhetheracontrolcanbeverifiedtobefunctioningproperly.Insecurity,itisimperativethatwecantrackactionstoensurewhathasorhasnotbeendone.
TheOperationalModelofComputerSecurityFormanyyears,thefocusofsecuritywasonprevention.Ifwecouldpreventeveryonewhodidnothaveauthorizationfromgainingaccesstoourcomputersystemsandnetworks,thenweassumedthatwehadachievedsecurity.Protectionwasthusequatedwithprevention.Whilethebasicpremiseofthisistrue,itfailstoacknowledgetherealitiesofthenetworkedenvironmentoursystemsarepartof.Nomatterhowwellweseemtodoinpreventiontechnology,somebodyalwaysseemstofindawayaroundoursafeguards.Whenthishappens,oursystemisleftunprotected.Thus,weneedmultiplepreventiontechniquesandalsotechnologytoalertuswhenpreventionhasfailedandtoprovidewaystoaddresstheproblem.Thisresultsinamodificationtoouroriginalsecurityequationwiththeadditionoftwonewelements—detectionandresponse.Oursecurityequationthusbecomes:
Protection=Prevention+(Detection+Response)Thisisknownastheoperationalmodelofcomputersecurity.Everysecuritytechniqueandtechnologyfallsintoatleastoneofthethree
elementsoftheequation.ExamplesofthetypesoftechnologyandtechniquesthatrepresenteacharedepictedinFigure2.1.
•Figure2.1Sampletechnologiesintheoperationalmodelofcomputersecurity
CybersecurityFrameworkModelIn2013,PresidentObamasignedanexecutiveorderdirectingtheU.S.NationalInstituteofScienceandTechnology(NIST)toworkwithindustryanddevelopacybersecurityframework.Thiswasinresponsetoseveralsignificantcybersecurityeventswherethevictimcompaniesappearedtobeunprepared.Theresultingframework,titledFrameworkforImprovingCriticalInfrastructureCybersecurity,wascreatedasavoluntarysystem,basedonexistingstandards,guidelines,andpractices,tofacilitateadoptionandacceptanceacrossawidearrayofindustries.
TechTip
CybersecurityFrameworkTheNISTCybersecurityFrameworkisarisk-basedapproachtoimplementationofcybersecurityactivitiesinanenterprise.Theframeworkprovidesacommontaxonomyofstandards,guidelines,andpracticesthatcanbeemployedtostrengthencybersecurityefforts.TheframeworkcanbeobtainedfromNIST:
www.nist.gov/cyberframework/upload/cybersecurity-framework-021214-final.pdf
TheCybersecurityFrameworkprovidesacommontaxonomyandmechanismtoassistinaligningmanagementpracticeswithexistingstandards,guidelines,andpractices.Itspurposeistocomplementandenhanceriskmanagementeffortsthrough
1.Determiningtheircurrentcybersecurityposture2.Documentingtheirdesiredtargetstatewithrespecttocybersecurity3.Determiningandprioritizingimprovementandcorrectiveactions4.Measuringandmonitoringprogresstowardgoals5.Creatingacommunicationmechanismforcoordinationamongstakeholders
Theframeworkiscomposedoffivecorefunctions,asillustratedinFigure2.2.Twoofthesecorefunctions,IdentifyandProtect,describeactionstakenbeforeanincident.Detectisthecorefunctionassociatedwithintrusiondetectionorthebeginningofanincidentresponse.Thelasttwo,RespondandRecover,detailactionsthattakeplaceduringthepost-incidentresponse.Examplesoftheitemsundereachfunctionareillustratedinthefigure.Inadditiontothefivefunctions,theframeworkhaslevelsofimplementationsreferredtoastiers.Thesetiersrepresenttheorganization’sabilityfromPartial(Tier1)toAdaptive(Tier4).
•Figure2.2CybersecurityFrameworkcorefunctions
SecurityTenetsInadditiontotheCIAelements,thereareadditionaltenetsthatformabasisforsystemsecurity.Thethreeoperationaltenetsfoundinsecuredeploymentsaresessionmanagement,exceptionmanagement,andconfigurationmanagement.
SessionManagementSessionmanagementisthesetofactivitiesemployedtoestablishacommunicationchannelbetweentwoparties,identifyingeachinamannerthatallowsfutureactivitywithoutrenewedauthentication.Sessionmanagementallowsanapplicationtoauthenticateonceandhavesubsequentactivitiesascribedtotheauthenticateduser.Sessionsarefrequentlyusedinwebapplicationstopreservestateanduserinformationbetweennormallystatelessclicks.SessionsaretypicallyidentifiedbyanIDthatisknowntobothsidesof
theconversation.ThisIDcanbeusedasatokenforfutureidentification.Ifconfidentialityisrequired,thenthechannelshouldbesecuredbyanappropriatelevelofcryptographicprotection.
TechTip
SessionManagementCheatSheetSessionmanagementisacommontaskforwebapplications,andtheOpenWebApplicationSecurityProject(OWASP)hasacheatsheettoassistinthecorrectimplementationofsessionmanagement.Seehttps://www.owasp.org/index.php/Session_Management_Cheat_Sheet.
Sessionmanagementincludesalltheactivitiesnecessarytomanagethesession,fromestablishment,duringuse,andatcompletionoftheconversation.Becausethesessionrepresentsthecontinuityofasecurity
conditionestablishedduringauthentication,thelevelofprotectionthatshouldbeaffordedtothesessionIDshouldbecommensuratewiththelevelofsecurityinitiallyestablished.
ExceptionManagementExceptionsaretheinvocationofconditionsthatfalloutsidethenormalsequenceofoperation.Whetherbyerrorormaliciousaction,exceptionsarechangestonormalprocessingandneedtobemanaged.Thespecialprocessingrequiredbyconditionsthatfalloutsidenormalparameterscanresultinerrorseitherlocallyorinfollow-onprocessesinasystem.Thehandlingofexceptions,referredtoasexceptionhandling,isanimportantconsiderationduringsoftwaredevelopment.Exceptionmanagementismorethanjustexceptionhandlinginsoftware
development.Whentheoperationofasystemencountersanexception,whetheritisinvokedbyaperson,process,technology,orcombination,thesystemmusteffectivelyhandlethecondition.Thiscanmeanmanydifferentthings,sometimesevenoperatingoutsidenormalpolicylimits.Exceptionmanagementcanalsobenontechnicalinnature:systemsorenvironmentsthatcannotfolloworganizationalsecuritypolicy,forexample,mustbedocumented,exceptionsmustbeapproved,andmitigationsmustbeputinplacetolowertheriskassociatedwithexceptionstopolicy.Thebottomlineissimple:eitherthesystemmusthandletheconditionandrecover,oritmustfailandberecoveredbyseparateaction.Designinginexceptionhandlingmakesasystemmoreresilient,becauseexceptionswillhappen,andhowtheyarehandledistheonlyunknownoutcome.
ConfigurationManagementConfigurationmanagementiskeytotheproperoperationofITsystems.ITsystemsarefirstandforemostsystems,groupsofelementsthatworktogethertoachieveadesiredresultantprocess.Theproperconfigurationandprovisioningofallofthecomponentsinasystemisessentialtotheproperoperationofthesystem.Thedesignandoperationoftheelements
toensuretheproperfunctionalenvironmentofasystemisreferredtoasconfigurationmanagement.ConfigurationmanagementisakeyoperationprincipleandisthoroughlycoveredinChapter21.
SecurityApproachesTherearemultipleapproachesanorganizationcantaketoaddresstheprotectionofitsnetworks:ignoresecurityissues,providehostsecurity,providenetwork-levelsecurity,orprovideacombinationofthelattertwo.Themiddletwo,hostsecurityandnetwork-levelsecurity,havepreventionaswellasdetectionandresponsecomponents.Ratherthanviewthesetwoapproachesasindependentsolutions,amatureorganizationusesbothinacomplementaryfashion.Ifanorganizationdecidestoignoresecurity,ithaschosentoutilizethe
minimalamountofsecuritythatisprovidedwithitsworkstations,servers,anddevices.Noadditionalsecuritymeasureswillbeimplemented.Each“outofthebox”systemhascertainsecuritysettingsthatcanbeconfigured,andtheyshouldbe.Toactuallyprotectanentirenetwork,however,requiresworkinadditiontothefewprotectionmechanismsthatcomewithsystemsbydefault.
TechTip
GotNetwork?AclassicblackT-shirtinthesecurityindustrysays“gotroot?”It’satakeoffonthesuccessfuladcampaign“gotmilk?”andindicatesthepowerofrootprivilege.Similarto“gotroot?”is“gotnetwork?”,forifyoutruly“own”thenetwork,thenyouhavesignificantcontroloverwhatpassesacrossitandcanresultininformationdisclosure.Toensureasecureposture,bothnetworkandhostaccesslevelsmustbecontrolled.
HostSecurityHostsecuritytakesagranularviewofsecuritybyfocusingonprotecting
eachcomputeranddeviceindividuallyinsteadofaddressingprotectionofthenetworkasawhole.Whenhostsecurityisused,eachcomputerisreliedupontoprotectitself.Ifanorganizationdecidestoimplementonlyhostsecurityanddoesnotincludenetworksecurity,thereisahighprobabilityofintroducingoroverlookingvulnerabilities.Mostenvironmentsarefilledwithdifferentoperatingsystems(Windows,UNIX,Linux,OSX),differentversionsofthoseoperatingsystems,anddifferenttypesofinstalledapplications.Eachoperatingsystemhassecurityconfigurationsthatdifferfromthoseofothersystems,anddifferentversionsofthesameoperatingsystemmayinfacthaveconfigurationvariationsbetweenthem.Hostsecurityisimportantandshouldalwaysbeaddressed.Security,
however,shouldnotstopthere,ashostsecurityisacomplementaryprocesstobecombinedwithnetworksecurity.Ifindividualhostcomputershavevulnerabilitiesembodiedwithinthem,thennetworksecuritycanprovideanotherlayerofprotectionthatwill,hopefully,stopanyintruderswhohavegottenthatfarintotheenvironment.
Alongtimediscussionhascenteredonwhetherhost-ornetwork-basedsecurityismoreimportant.Mostsecurityexpertsnowgenerallyagreethatacombinationofbothisneededtoadequatelyaddressthewiderangeofpossiblesecuritythreats.Certainattacksaremoreeasilyspottedandsomeattacksaremoreeasilypreventedusingtoolsdesignedforoneortheotheroftheseapproaches.
NetworkSecurityInsomesmallerenvironments,hostsecuritybyitselfmaybeanoption,butassystemsbecomeconnectedintonetworks,securityshouldincludetheactualnetworkitself.Innetworksecurity,anemphasisisplacedoncontrollingaccesstointernalcomputersfromexternalentities.Thiscontrolcanbethroughdevicessuchasrouters,firewalls,authenticationhardwareandsoftware,encryption,andintrusiondetectionsystems(IDSs).
Networkenvironmentstendtobeuniqueentitiesbecauseusuallynotwonetworkshaveexactlythesamenumberofcomputers,thesameapplicationsinstalled,thesamenumberofusers,theexactsameconfigurations,orthesameavailableservers.Theywillnotperformthesamefunctionsorhavethesameoverallarchitecture.Sincenetworkshavesomanyvariations,therearemanydifferentwaysinwhichtheycanbeprotectedandconfigured.Thischaptercoverssomefoundationalapproachestonetworkandhostsecurity.Eachapproachmaybeimplementedinamyriadofways,butbothnetworkandhostsecurityneedtobeaddressedforaneffectivetotalsecurityprogram.
TechTip
SecurityDesignPrinciplesTheeightdesignprinciplesfromSaltzerandSchroederarelistedandparaphrasedhere:
LeastprivilegeUseminimumprivilegesnecessarytoperformatask.
SeparationofprivilegeAccessshouldbebasedonmorethanoneitem.Fail-safedefaultsDenybydefault(implicitdeny)andonlygrantaccesswithexplicitpermission.
EconomyofmechanismMechanismsshouldbesmallandsimple.CompletemediationProtectionmechanismsshouldcovereveryaccesstoeveryobject.
OpendesignProtectionmechanismsshouldnotdependuponsecrecyofthemechanismitself.
LeastcommonmechanismProtectionmechanismsshouldbesharedtotheleastdegreepossibleamongusers.
PsychologicalacceptabilityProtectionmechanismsshouldnotimpactusers,oriftheydo,theimpactshouldbeminimal.
Ref:J.H.SaltzerandM.D.Schroeder,“TheProtectionofInformationinComputerSystems,”Proc.IEEE,vol.63,no.9,1975,pp.1278–1308.
SecurityPrinciples
Inthemid-1970s,twocomputerscientistsfromMIT,JeromeSaltzerandMichaelSchroeder,publishedapaperondesignprinciplesforasecurecomputersystem.TheSaltzerandSchroederpaper,titled“TheProtectionofInformationinComputerSystems,”hasbeenhailedasaseminalworkincomputersecurity,andtheeightdesignprinciplesareasrelevanttodayastheywerein1970s.Theseprinciplesareusefulinsecuresystemdesignandoperation.
LeastPrivilegeOneofthemostfundamentalprinciplesinsecurityisleastprivilege.Thisconceptisapplicabletomanyphysicalenvironmentsaswellasnetworkandhostsecurity.Leastprivilegemeansthatasubject(whichmaybeauser,application,orprocess)shouldhaveonlythenecessaryrightsandprivilegestoperformitstaskwithnoadditionalpermissions.Limitinganobject’sprivilegeslimitstheamountofharmthatcanbecaused,thuslimitinganorganization’sexposuretodamage.Usersmayhaveaccesstothefilesontheirworkstationsandaselectsetoffilesonafileserver,butnoaccesstocriticaldatathatisheldwithinthedatabase.Thisrulehelpsanorganizationprotectitsmostsensitiveresourcesandhelpsensurethatwhoeverisinteractingwiththeseresourceshasavalidreasontodoso.
TryThis!ExamplesoftheLeastPrivilegePrincipleThesecurityconceptofleastprivilegeisnotuniquetocomputersecurity.Ithasbeenpracticedbyorganizationssuchasfinancialinstitutionsandgovernmentsforcenturies.Basicallyitsimplymeansthatindividualsaregivenonlytheabsoluteminimumofprivilegesthatarerequiredtoaccomplishtheirassignedjob.Examinethesecuritypoliciesthatyourorganizationhasinplaceandseeifyoucanidentifyexamplesofwheretheprincipleofleastprivilegehasbeenused.
Theconceptofleastprivilegeappliestomorenetworksecurityissuesthanjustprovidinguserswithspecificrightsandpermissions.Whentrustrelationshipsarecreated,theyshouldnotbeimplementedinsuchaway
thateveryonetrustseachothersimplybecauseitiseasier.Onedomainshouldtrustanotherforveryspecificreasons,andtheimplementersshouldhaveafullunderstandingofwhatthetrustrelationshipallowsbetweentwodomains.Ifonedomaintrustsanother,doalloftheusersautomaticallybecometrusted,andcantheythuseasilyaccessanyandallresourcesontheotherdomain?Isthisagoodidea?Isthereamoresecurewayofprovidingthesamefunctionality?Ifatrustedrelationshipisimplementedsuchthatusersinonegroupcanaccessaplotterorprinterthatisavailableononlyonedomain,itmightmakesensetosimplypurchaseanotherplottersothatother,morevaluableorsensitiveresourcesarenotaccessiblebytheentiregroup.Anotherissuethatfallsundertheleastprivilegeconceptisthesecurity
contextinwhichanapplicationruns.Allapplications,scripts,andbatchfilesruninthesecuritycontextofaspecificuseronanoperatingsystem.Theyexecutewithspecificpermissionsasiftheywereauser.TheapplicationmaybeMicrosoftWordandruninthespaceofaregularuser,oritmaybeadiagnosticprogramthatneedsaccesstomoresensitivesystemfilesandsomustrununderanadministrativeuseraccount,oritmaybeaprogramthatperformsbackupsandsoshouldoperatewithinthesecuritycontextofabackupoperator.Thecruxofthisissueisthataprogramshouldexecuteonlyinthesecuritycontextthatisneededforthatprogramtoperformitsdutiessuccessfully.Inmanyenvironments,peopledonotreallyunderstandhowtomakeprogramsrununderdifferentsecuritycontexts,oritmayjustseemeasiertohaveallprogramsrunundertheadministratoraccount.Ifattackerscancompromiseaprogramorservicerunningundertheadministratoraccount,theyhaveeffectivelyelevatedtheiraccesslevelandhavemuchmorecontroloverthesystemandmanymorewaystocausedamage.
TryThis!ControlofResourcesBeingabletoapplytheappropriatesecuritycontroltofileandprintresourcesisanimportant
aspectoftheleastprivilegesecurityprinciple.Howthisisimplementedvariesdependingontheoperatingsystemthatthecomputerruns.Checkhowtheoperatingsystemthatyouuseprovidesfortheabilitytocontrolfileandprintresources.
SeparationofPrivilegeProtectionmechanismscanbeemployedtograntaccessbasedonavarietyoffactors.Oneofthekeyprinciplesistobasedecisionsonmorethanasinglepieceofinformation.Theprincipleofseparationofprivilegestatesthattheprotectionmechanismshouldbeconstructedsothatitusesmorethanonepieceofinformationtomakeaccessdecisions.Applyingthisprincipletothepeoplesideofthesecurityfunctionresultsintheconceptofseparationofduties.Theprincipleofseparationofprivilegeisapplicabletophysical
environmentsaswellasnetworkandhostsecurity.Whenappliedtopeople’sactions,separationofdutiesspecifiesthatforanygiventask,morethanoneindividualneedstobeinvolved.Thetaskisbrokenintodifferentduties,eachofwhichisaccomplishedbyaseparateindividual.Byimplementingataskinthismanner,nosingleindividualcanabusethesystemforhisorherowngain.Thisprinciplehasbeenimplementedinthebusinessworld,especiallyfinancialinstitutions,formanyyears.Asimpleexampleisasysteminwhichoneindividualisrequiredtoplaceanorderandaseparatepersonisneededtoauthorizethepurchase.Whileseparationofdutiesprovidesacertainlevelofchecksand
balances,itisnotwithoutitsowndrawbacks.Chiefamongtheseisthecostrequiredtoaccomplishthetask.Thiscostismanifestedinbothtimeandmoney.Morethanoneindividualisrequiredwhenasinglepersoncouldaccomplishthetask,thuspotentiallyincreasingthecostofthetask.Inaddition,withmorethanoneindividualinvolved,acertaindelaycanbeexpectedbecausethetaskmustproceedthroughitsvarioussteps.
Fail-SafeDefaultsToday,theInternetisnolongerthefriendlyplaygroundofresearchersthatitoncewas.Thishasresultedindifferentapproachesthatmightatfirst
seemlessthanfriendlybutthatarerequiredforsecuritypurposes.Fail-safedefaultsisaconceptthatwhensomethingfails,itshoulddosotoasafestate.Oneapproachisthataprotectionmechanismshoulddenyaccessbydefault,andgrantaccessonlywhenexplicitpermissionexists.Thisissometimescalleddefaultdeny,andthecommonoperationaltermforthisapproachisimplicitdeny.Frequentlyinthenetworkworld,administratorsmakemanydecisions
concerningnetworkaccess.Oftenaseriesofruleswillbeusedtodeterminewhetherornottoallowaccess(whichisthepurposeofanetworkfirewall).Ifaparticularsituationisnotcoveredbyanyoftheotherrules,theimplicitdenyapproachstatesthataccessshouldnotbegranted.Inotherwords,ifnorulewouldallowaccess,thenaccessshouldnotbegranted.Implicitdenyappliestosituationsinvolvingbothauthorizationandaccess.Thealternativetoimplicitdenyistoallowaccessunlessaspecificrule
forbidsit.Anotherexampleofthesetwoapproachesisinprogramsthatmonitorandblockaccesstocertainwebsites.Oneapproachistoprovidealistofspecificsitesthatauserisnotallowedtoaccess.Accesstoanysitenotonthelistwouldbeimplicitlyallowed.Theoppositeapproach(theimplicitdenyapproach)wouldblockallaccesstositesthatarenotspecificallyidentifiedasauthorized.Asyoucanimagine,dependingonthespecificapplication,oneortheotherapproachwillbemoreappropriate.Whichapproachyouchoosedependsonthesecurityobjectivesandpoliciesofyourorganization.
Implicitdenyisanotherfundamentalprincipleofsecurityandstudentsneedtobesurethattheyunderstandthisprinciple.Similartoleastprivilege,thisprinciplestatesthatifyouhaven’tspecificallybeenallowedaccess,thenitshouldbedenied.
EconomyofMechanism
Thetermssecurityandcomplexityareoftenatoddswitheachother,becausethemorecomplexsomethingis,theharderitistounderstand,andyoucannottrulysecuresomethingifyoudonotunderstandit.Anotherreasoncomplexityisaproblemwithinsecurityisthatitusuallyallowstoomanyopportunitiesforsomethingtogowrong.Ifanapplicationhas4000linesofcode,therearealotfewerplacesforbufferoverflows,forexample,thaninanapplicationoftwomillionlinesofcode.Theprincipleofeconomyofmechanismisdescribedasalwaysusingsimplesolutionswhenavailable.
Keepitsimple:Anothermethodoflookingattheprincipleofeconomyofmechanismisthattheprotectionmechanismshouldbesmallandsimple.
Anexampleoftheprincipleconcernsthenumberofservicesthatyouallowyoursystemtorun.Defaultinstallationsofcomputeroperatingsystemsoftenleavemanyservicesrunning.Thekeep-it-simpleprincipletellsustoeliminateordisablethoseservicesthatwedon’tneed.Thisisalsoagoodideafromasecuritystandpointbecauseitresultsinfewerapplicationsthatcanbeexploitedandfewerservicesthattheadministratorisresponsibleforsecuring.Thegeneralruleofthumbistoeliminateordisableallnonessentialservicesandprotocols.Thisofcourseleadstothequestion,howdoyoudeterminewhetheraserviceorprotocolisessentialornot?Ideally,youshouldknowwhatyourcomputersystemornetworkisbeingusedfor,andthusyoushouldbeabletoidentifyandactivateonlythoseelementsthatareessential.Foravarietyofreasons,thisisnotaseasyasitsounds.Alternatively,astringentsecurityapproachthatonecantakeistoassumethatnoserviceisnecessary(whichisobviouslyabsurd)andactivateservicesandportsonlyastheyarerequested.Whateverapproachistaken,thereisanever-endingstruggletotrytostrikeabalancebetweenprovidingfunctionalityandmaintainingsecurity.
CompleteMediationOneofthefundamentaltenetsofaprotectionsystemistocheckallaccessrequestsforpermission.Eachandeverytimeasubjectrequestsaccesstoanobject,thepermissionmustbechecked;otherwiseanattackermightgainunauthorizedaccesstoanobject.Completemediationreferstotheconceptthateachandeveryrequestshouldbeverified.Whenpermissionsareverifiedthefirsttime,andtheresultiscachedforsubsequentuse,performancemaybeincreased,butthisalsoopensthedoortopermissionerrors.Shouldapermissionchangesubsequenttothefirstuse,thischangewouldnotbeappliedtotheoperationsaftertheinitialcheck.Completemediationalsoreferstoensuringthatalloperationsgo
throughtheprotectionmechanism.Whensecuritycontrolsareaddedafterthefact,itisimportanttomakecertainthatallprocessflowsarecoveredbythecontrols,includingexceptionsandout-of-bandrequests.Ifanautomatedprocessischeckedinonemanner,butamanualpaperbackupprocesshasaseparatepath,itisimportanttoensureallchecksarestillinplace.Whenasystemundergoesdisasterrecoveryorbusinesscontinuityprocesses,orbackupand/orrestoreprocesses,thesetoorequirecompletemediation.
OpenDesignTheprincipleofopendesignholdsthattheprotectionofanobjectshouldnotrelyuponsecrecyoftheprotectionmechanismitself.Thisprinciplehasbeenlongprovenincryptographiccircles,wherehidingthealgorithmultimatelyfailsandthetrueprotectionreliesuponthesecrecyandcomplexityofthekeys.Theprincipledoesnotexcludetheideaofusingsecrecy,butmerelystatesthat,onthefaceofit,secrecyofmechanismisnotsufficientforprotection.Anotherconceptinsecuritythatshouldbediscussedinthiscontextis
theideaofsecuritythroughobscurity.Inthiscase,securityisconsideredeffectiveiftheenvironmentandprotectionmechanismsareconfusingorthoughttobenotgenerallyknown.Securitythroughobscurityusesthe
approachofprotectingsomethingbyhidingit.Noncomputerexamplesofthisconceptincludehidingyourbriefcaseorpurseifyouleaveitinthecarsothatitisnotinplainview,hidingahousekeyunderadoormatorinaplanter,orpushingyourfavoriteicecreamtothebackofthefreezersothateveryoneelsethinksitisallgone.Theideaisthatifsomethingisoutofsight,itisoutofmind.Thisapproach,however,doesnotprovideactualprotectionoftheobject.Someonecanstillstealthepursebybreakingintothecar,liftthedoormatandfindthekey,ordigthroughtheitemsinthefreezertofindyourfavoriteicecream.Securitythroughobscuritymaymakesomeoneworkalittlehardertoaccomplishatask,butitdoesnotpreventanyonefromeventuallysucceeding.
TechTip
SecurityThroughObscurityTheprincipleofopendesignandthepracticeofsecuritybyobscuritymayseematoddswitheachother,butinrealitytheyarenot.Theprincipleofopendesignstatesthatsecrecyitselfcannotberelieduponasameansofprotection.Thepracticeofsecuritythroughobscurityisaprovenmethodofincreasingtheworkfactorthatanadversarymustexpendtosuccessfullyattackasystem.Byitself,obscurityisnotgoodprotection,butitcancomplementothercontrolswhenbothareproperlyemployed.
Similarapproachesareseenincomputerandnetworksecuritywhenattemptingtohidecertainobjects.Anetworkadministratormay,forinstance,moveaservicefromitsdefaultporttoadifferentportsothatotherswillnotknowhowtoaccessitaseasily,orafirewallmaybeconfiguredtohidespecificinformationabouttheinternalnetworkinthehopethatpotentialattackerswillnotobtaintheinformationforuseinanattackonthenetwork.Inmostsecuritycircles,securitythroughobscurityisconsideredapoor
approach,especiallyifitistheonlyapproachtosecurity.Securitythroughobscuritysimplyattemptstohideanobject;itdoesn’timplementasecuritycontroltoprotectit.Anorganizationcanusesecuritythrough
obscuritymeasurestotrytohidecriticalassets,butothersecuritymeasuresshouldalsobeemployedtoprovideahigherlevelofprotection.Forexample,ifanadministratormovesaservicefromitsdefaultporttoamoreobscureport,anattackercanstillactuallyfindthisservice;thusafirewallshouldbeusedtorestrictaccesstotheservice.Mostpeopleknowthatevenifyoudoshoveyouricecreamtothebackofthefreezer,someonemayeventuallyfindit.
LeastCommonMechanismTheprincipleofleastcommonmechanismstatesthatmechanismsusedtoaccessresourcesshouldbededicatedandnotshared.Sharingofmechanismsallowsapotentialcross-overbetweenchannelsresultinginaprotectionfailuremode.Forexample,ifthereisamodulethatenablesemployeestochecktheirpayrollinformation,aseparatemoduleshouldbeemployedtochangetheinformation,lestausergainaccesstochangeversusreadaccess.Althoughsharingandreusearegoodinonesense,theycanrepresentasecurityriskinanother.Commonexamplesoftheleastcommonmechanismanditsisolation
principleaboundinordinarysystems.Sandboxingisameansofseparatingtheoperationofanapplicationfromtherestoftheoperatingsystem.Virtualmachinesperformthesametaskbetweenoperatingsystemsonasinglepieceofhardware.Instantiatingsharedlibraries,inwhichseparateinstantiationoflocalclassesenablesseparatebutequalcoding,isyetanother.Thekeyistoprovideameansofisolationbetweenprocessessoinformationcannotflowbetweenseparateusersunlessspecificallydesignedtodoso.
Itoftenamazessecurityprofessionalshowfrequentlyindividualsrelyonsecuritythroughobscurityastheirmainlineofdefense.Relyingonsomepieceofinformationremainingsecretisgenerallynotagoodidea.Thisisespeciallytrueinthisageofreverse-engineering,whereindividualsanalyzethebinariesforprogramstodiscoverembeddedpasswordsorcryptographickeys.Thebiggestproblemwithrelyingonsecuritythroughobscurityisthatifitfailsandthe
secretbecomesknown,thereoftenisnoeasywaytomodifythesecrettore-secureit.
PsychologicalAcceptabilityPsychologicalacceptabilityreferstotheusers’acceptanceofsecuritymeasures.Usersplayakeyroleintheoperationofasystem,andifsecuritymeasuresareperceivedtobeanimpedimenttotheworkauserisresponsiblefor,thenanaturalconsequencemaybethattheuserbypassesthecontrol.Althoughausermayunderstandthatthiscouldresultinasecurityproblem,theperceptionthatitdoesresultintheirperformancefailurewillpresentpressuretobypassit.Psychologicalacceptabilityisoftenoverlookedbysecurity
professionalsfocusedontechnicalissuesandhowtheyseethethreat.Theyarefocusedonthethreat,whichistheirprofessionalresponsibility,sothefocusonsecurityisnaturalanditalignswiththeirprofessionalresponsibilities.Thisalignmentbetweensecurityandprofessionalworkresponsibilitiesdoesnotalwaystranslatetootherpositionsinanorganization.Securityprofessionals,particularlythosedesigningthesecuritysystems,shouldnotonlybeawareofthisconcept,butpayparticularattentiontohowsecuritycontrolswillbeviewedbyworkersinthecontextoftheirworkresponsibility,notwithrespecttosecurityforitsownsake.
DefenseinDepthDefenseindepthisaprinciplethatischaracterizedbytheuseofmultiple,differentdefensemechanismswithagoalofimprovingthedefensiveresponsetoanattack.Anothertermfordefenseindepthislayeredsecurity.Singlepointsoffailurerepresentjustthat,anopportunitytofail.Byusingmultipledefensesthataredifferent,withdifferingpointsoffailure,asystembecomesstronger.Whileonedefensemechanismmaynotbe100percenteffective,theapplicationofaseconddefensemechanismtotheitemsthatsucceedinbypassingthefirstmechanismprovidesastrongerresponse.Thereareacoupleofdifferentmechanismsthatcanbe
employedinadefense-in-depthstrategy:layeredsecurityanddiversityofdefense.Togethertheseprovideadefense-in-depthstrategythatisstrongerthananysinglelayerofdefense.Abankdoesnotprotectthemoneythatitstoresonlybyusingavault.It
hasoneormoresecurityguardsasafirstdefensetowatchforsuspiciousactivitiesandtosecurethefacilitywhenthebankisclosed.Itmayhavemonitoringsystemsthatwatchvariousactivitiesthattakeplaceinthebank,whetherinvolvingcustomersoremployees.Thevaultisusuallylocatedinthecenterofthefacility,andthustherearelayersofroomsorwallsbeforearrivingatthevault.Thereisaccesscontrol,whichensuresthatthepeopleenteringthevaulthavetobegivenauthorizationbeforehand.Andthesystems,includingmanualswitches,areconnecteddirectlytothepolicestationincaseadeterminedbankrobbersuccessfullypenetratesanyoneoftheselayersofprotection.Networksshouldutilizethesametypeoflayeredsecurityarchitecture.
Thereisno100percentsecuresystem,andthereisnothingthatisfoolproof,soasinglespecificprotectionmechanismshouldneverbesolelyreliedupon.Itisimportantthateveryenvironmenthavemultiplelayersofsecurity.Theselayersmayemployavarietyofmethods,suchasrouters,firewalls,networksegments,IDSs,encryption,authenticationsoftware,physicalsecurity,andtrafficcontrol.Thelayersneedtoworktogetherinacoordinatedmannersothatonedoesnotimpedeanother’sfunctionalityandintroduceasecurityhole.Asanexample,considerthestepsanintrudermighthavetotaketo
accesscriticaldataheldwithinacompany’sback-enddatabase.TheintruderfirsthastopenetratethefirewallandusepacketsandmethodsthatwillnotbeidentifiedanddetectedbytheIDS(moreinformationonthesedevicescanbefoundinChapter13).Theattackernexthastocircumventaninternalrouterperformingpacketfiltering,andthenpossiblypenetrateanotherfirewallusedtoseparateoneinternalnetworkfromanother(seeFigure2.3).Fromthere,theintrudermustbreaktheaccesscontrolsthatareonthedatabase,whichmeanshavingtodoadictionaryorbrute-forceattacktobeabletoauthenticatetothedatabasesoftware.Oncetheintruder
hasgottenthisfar,thedatastillneedstobelocatedwithinthedatabase.Thismayinturnbecomplicatedbytheuseofaccesscontrollistsoutliningwhocanactuallyviewormodifythedata.Thatisalotofwork.
•Figure2.3Layeredsecurity
Thisexampleillustratesthedifferentlayersofsecuritymanyenvironmentsemploy.Itisimportanttoimplementseveraldifferentlayersbecauseifintruderssucceedatonelayer,youwanttobeabletostopthematthenext.Theredundancyofdifferentprotectionlayersassuresthatthereisnoonesinglepointoffailurepertainingtosecurity.Ifanetworkusedonlyafirewalltoprotectitsassets,anattackerabletopenetratethisdevicesuccessfullywouldfindtherestofthenetworkopenandvulnerable.Anexampleofhowdifferentsecuritymethodscanworkagainsteach
otherisexemplifiedwhenfirewallsencounterencryptednetworktraffic.Anorganizationmayutilizeencryptionsothatanoutsidecustomercommunicatingwithaspecificwebserverisassuredthatsensitivedatabeingexchangedisprotected.IfthisencrypteddataisencapsulatedwithinSecureSocketsLayer(SSL)orTransportLayerSecurity(TLS)packetsandthensentthroughafirewall,thefirewallmaynotbeabletoreadthepayloadinformationintheindividualpackets.Thelayersusuallyaredepictedstartingatthetop,withmoregeneral
typesofprotection,andprogressingdownwardthrougheachlayer,withincreasinggranularityateachlayerasyougetclosertotheactualresource,asyoucanseeinFigure2.4.Thisisbecausethetop-layerprotectionmechanismisresponsibleforlookingatanenormousamountoftraffic,anditwouldbeoverwhelmingandcausetoomuchofaperformancedegradationifeachaspectofthepacketwereinspected.Instead,eachlayerusuallydigsdeeperintothepacketandlooksforspecificitems.Layersthatareclosertotheresourcehavetodealwithonlyafractionofthetrafficthatthetop-layersecuritymechanismdoes,andthuslookingdeeperandatmoregranularaspectsofthetrafficwillnotcauseasmuchofaperformancehit.
•Figure2.4Variouslayersofsecurity
DiversityofDefenseDiversityofdefenseisaconceptthatcomplementstheideaofvariouslayersofsecurity.Itinvolvesmakingdifferentlayersofsecuritydissimilarsothatevenifattackersknowhowtogetthroughasystemthatcomprisesonelayer,theymaynotknowhowtogetthroughadifferenttypeoflayerthatemploysadifferentsystemforsecurity.Ifanenvironmenthastwofirewallsthatformademilitarizedzone
(DMZ),forexample,onefirewallmaybeplacedattheperimeteroftheInternetandtheDMZ.Thisfirewallanalyzesthetrafficthatisenteringthroughthatspecificaccesspointandenforcescertaintypesofrestrictions.TheotherfirewallmaythenbeplacedbetweentheDMZandtheinternalnetwork.Whenapplyingthediversity-of-defenseconcept,youshouldsetupthesetwofirewallstofilterfordifferenttypesoftrafficandprovide
differenttypesofrestrictions.Thefirstfirewall,forexample,maymakesurethatnoFTP,SNMP,orTelnettrafficentersthenetworkbutallowSMTP,SSH,HTTP,andSSLtrafficthrough.ThesecondfirewallmaynotallowSSLorSSHthroughandmayinterrogateSMTPandHTTPtraffictomakesurethatcertaintypesofattacksarenotpartofthattraffic.
AccessControlThetermaccesscontrolhasbeenusedtodescribeavarietyofprotectionschemes.Itsometimesreferstoallsecurityfeaturesusedtopreventunauthorizedaccesstoacomputersystemornetwork.Inthissense,itmaybeconfusedwithauthentication.Moreproperly,accesscontrolistheabilitytocontrolwhetherasubject(suchasanindividualoraprocessrunningonacomputersystem)caninteractwithanobject(suchasafileorhardwaredevice).Authentication,ontheotherhand,dealswithverifyingtheidentityofasubject.Tohelpunderstandthedifference,considertheexampleofanindividualattemptingtologintoacomputersystemornetwork.Authenticationistheprocessusedtoverifytothecomputersystemornetworkthattheindividualiswhotheyclaimtobe.ThemostcommonmethodtodothisisthroughtheuseofauserIDandpassword.Oncetheindividualhasverifiedtheiridentity,accesscontrolsregulatewhattheindividualcanactuallydoonthesystem.Justbecauseapersonisgrantedentrytothesystemdoesnotmeanthattheyshouldhaveaccesstoalldatathesystemcontains.
AuthenticationMechanismsAccesscontrolsdefinewhatactionsausercanperformorwhatobjectsausercanhaveaccessto.Thesecontrolsassumethattheidentityoftheuserhasbeenverified.Itisthejobofauthenticationmechanismstoensurethatonlyvalidusersareadmitted.Describedanotherway,authenticationisusingsomemechanismtoprovethatyouarewhoyouclaimtobe.Therearethreegeneralfactorscommonlyusedinauthentication.Inorderto
verifyyouridentity,youcanprovide
Somethingyouknow(knowledgefactor)
Somethingyouhave(possessionfactor)
Somethingaboutyou(somethingthatyouare;inherentfactor)
Themostcommonauthenticationmechanismistoprovidesomethingthatonlyyou,thevaliduser,shouldknow.ThemostfrequentlyusedexampleofthisisthecommonuserID(orusername)andpassword.Intheory,sinceyouarenotsupposedtoshareyourpasswordwithanybodyelse,onlyyoushouldknowyourpassword,andthusbyprovidingit,youareprovingtothesystemthatyouarewhoyouclaimtobe.Anothermechanismforauthenticationistoprovidesomethingthatyouhaveinyourpossession,suchasamagneticstripecardthatcontainsidentifyinginformation.Thethirdmechanismistousesomethingaboutyouforidentificationpurposes,suchasyourfingerprintorthegeometryofyourhand.Obviously,forthesecondandthirdmechanismstowork,additionalhardwaredevicesneedtobeused(toreadthecard,fingerprint,orhandgeometry).
AccessControlvs.AuthenticationItmayseemthataccesscontrolandauthenticationaretwowaystodescribethesameprotectionmechanism.This,however,isnotthecase.Authenticationprovidesawaytoverifytothecomputerwhotheuseris.Oncetheuserhasbeenauthenticated,theaccesscontrolsdecidewhatoperationstheusercanperform.Thetwogohand-in-handbuttheyarenotthesamething.
AuthenticationandAccessControlPoliciesPoliciesarestatementsofwhattheorganizationwantstoaccomplish.Theorganizationneedstoidentifygoalsandintentionsformanydifferentaspectsofsecurity.Eachaspectwillhaveassociatedpoliciesand
procedures.
GroupPolicyOperatingsystemssuchasWindowsandLinuxallowadministratorstoorganizeusersintogroups,tocreatecategoriesofusersforwhichsimilaraccesspoliciescanbeestablished.Usinggroupssavestheadministratortime,asaddinganewuserwillnotrequiretheadministratortocreateacompletelynewuserprofile;instead,theadministratorcandeterminetowhichgroupthenewuserbelongsandthenaddtheusertothatgroup.Agrouppolicydefinesforthegroupthingssuchastheapplicable
operatingsystemandapplicationsettingsandpermissions.Examplesofgroupscommonlyfoundincludeadministrator,user,andguest.Takecarewhencreatinggroupsandassigninguserstothemsothatyoudonotprovidemoreaccessthanisabsolutelyrequiredformembersofthatgroup.Itwouldbesimpletomakeeverybodyanadministrator—itwouldcutdownonthenumberofrequestsusersmakeofbeleagueredadministrators—butthisisnotawisechoice,asitalsoenablesuserstomodifythesysteminwaysthatcouldimpactsecurity.Establishingtherightslevelsofaccessforthevariousgroupsupfrontwillsaveyoutimeandeliminatepotentialproblemsthatmightbeencounteredlateron.MoreonthissubjectwillbecoveredinChapter14.
TechTip
GroupPolicyThetermgrouppolicyhasdifferentmeaningsinLinuxandWindowssystems.InLinux,grouppoliciestypicallyrefertogroup-levelpermissionsassociatedwithfilesystems.InWindows,grouppoliciesrefertoActiveDirectoryobjectsusedtoenforceconfigurationandpermissionsacrossadomain.
PasswordPolicy
Sincepasswordsarethemostcommonauthenticationmechanism,itisimperativethatorganizationshaveapolicythataddressesthem.Thepasswordpolicyshouldaddresstheproceduresusedforselectinguserpasswords(specifyingwhatisconsideredanacceptablycomplexpasswordintheorganizationintermsofthecharactersetandlength),thefrequencywithwhichpasswordsmustbechanged,andhowpasswordswillbedistributed.Proceduresforcreatingnewpasswordsshouldanemployeeforgetheroldpasswordalsoneedtobeaddressed,aswellastheacceptablehandlingofpasswords(forexample,theyshouldnotbesharedwithanybodyelse,theyshouldnotbewrittendown,andsoon).Itmightalsobeusefultohavethepolicyaddresstheissueofpasswordcrackingbyadministrators,toenablethemtodiscoverweakpasswordsselectedbyemployees.
Apasswordpolicyisoneofthemostbasicpoliciesthatanorganizationcanhave.Makesureyouunderstandthebasicsofwhatconstitutesagoodpasswordalongwiththeotherissuesthatsurroundpasswordcreation,expiration,sharing,anduse.
Notethatthedeveloperofthepasswordpolicyandassociatedprocedurescangooverboardandcreateanenvironmentthatnegativelyimpactsemployeeproductivityandleadstopoorersecurity,notbetter.If,forexample,thefrequencywithwhichpasswordsarechangedistoogreat,usersmightwritethemdownorforgetthem.Neitheroftheseisadesirableoutcome,astheformermakesitpossibleforanintrudertofindapasswordandgainaccesstothesystem,andthelatterleadstotoomanypeoplelosingproductivityastheywaitforanewpasswordtobecreatedtoallowthemaccessagain.MoreinformationonpasswordpoliciescanbefoundinChapter22.
SecurityModels
Animportantissuewhendesigningthesoftwarethatwilloperateandcontrolsecurecomputersystemsandnetworksisthesecuritymodelthatthesystemornetworkwillbebasedupon.Thesecuritymodelwillimplementthesecuritypolicythathasbeenchosenandenforcethosecharacteristicsdeemedmostimportantbythesystemdesigners.Forexample,ifconfidentialityisconsideredparamount,themodelshouldmakecertainnodataisdisclosedtounauthorizedindividuals.Amodelenforcingconfidentialitymayallowunauthorizedindividualstomodifyordeletedata,asthiswouldnotviolatethetenetsofthemodelbecausethetruevaluesforthedatawouldstillremainconfidential.Ofcourse,thismodelmaynotbeappropriateforallenvironments.Insomeinstances,theunauthorizedmodificationofdatamaybeconsideredamoreseriousissuethanitsunauthorizeddisclosure.Insuchcases,themodelwouldberesponsibleforenforcingtheintegrityofthedatainsteadofitsconfidentiality.Choosingthemodeltobasethedesignoniscriticalifyouwanttoensurethattheresultingsystemaccuratelyenforcesthesecuritypolicydesired.This,however,isonlythestartingpoint,anditdoesnotimplythatyouhavetomakeachoicebetweenconfidentialityanddataintegrity,asbothareimportant.
ConfidentialityModelsDataconfidentialityhasgenerallybeenthechiefconcernofthemilitary.Forinstance,theU.S.militaryencouragedthedevelopmentoftheBell-LaPadulasecuritymodeltoaddressdataconfidentialityincomputeroperatingsystems.Thismodelisespeciallyusefulindesigningmultilevelsecuritysystemsthatimplementthemilitary’shierarchicalsecurityscheme,whichincludeslevelsofclassificationsuchasUnclassified,Confidential,Secret,andTopSecret.Similarclassificationschemescanbeusedinindustry,whereclassificationsmightincludePubliclyReleasable,Proprietary,andCompanyConfidential.Asecondconfidentialitymodel,theBrewer-Nashsecuritymodel,is
onedefinedbycontrollingreadandwriteaccessbasedonconflictof
interestrules.ThismodelisalsoknownastheChineseWallmodel,aftertheconceptofseparatinggroupsthroughtheuseofanimpenetrablewall.
Bell-LaPadulaModelTheBell-LaPadulasecuritymodelemploysbothmandatoryanddiscretionaryaccesscontrolmechanismswhenimplementingitstwobasicsecurityprinciples.ThefirstoftheseprinciplesiscalledtheSimpleSecurityRule,whichstatesthatnosubject(suchasauseroraprogram)canreadinformationfromanobject(suchasafile)withasecurityclassificationhigherthanthatpossessedbythesubjectitself.ThismeansthatthesystemmustpreventauserwithonlyaSecretclearance,forexample,fromreadingadocumentlabeledTopSecret.Thisruleisoftenreferredtoasthe“no-read-up”rule.
TheSimpleSecurityRuleisjustthat:themostbasicofsecurityrules.Itessentiallystatesthatinorderforyoutoseesomething,youhavetobeauthorizedtoseeit.
ThesecondsecurityprincipleenforcedbytheBell-LaPadulasecuritymodelisknownasthe*-property(pronounced“starproperty”).Thisprinciplestatesthatasubjectcanwritetoanobjectonlyifthetarget’ssecurityclassificationisgreaterthanorequaltotheobject’ssecurityclassification.ThismeansthatauserwithaSecretclearancecanwritetoafilewithaSecretorTopSecretclassificationbutcannotwritetoafilewithonlyanUnclassifiedclassification.Thisatfirstmayappeartobeabitconfusing,sincethisprincipleallowsuserstowritetofilesthattheyarenotallowedtoview,thusenablingthemtoactuallydestroyfilesthattheydon’thavetheclassificationtosee.Thisistrue,butkeepinmindthattheBell-LaPadulamodelisdesignedtoenforceconfidentiality,notintegrity.Writingtoafilethatyoudon’thavetheclearancetoviewisnotconsideredaconfidentialityissue;itisanintegrityissue.Whereasthe*-propertyallowsausertowritetoafileofequalor
greatersecurityclassification,itdoesn’tallowausertowritetoafilewithalowersecurityclassification.This,too,maybeconfusingatfirst—afterall,shouldn’tauserwithaSecretclearance,whocanviewafilemarkedUnclassified,beallowedtowritetothatfile?Theanswertothis,fromasecurityperspective,is“no.”Thereasonagainrelatestowantingtoavoideitheraccidentalordeliberatesecuritydisclosures.Thesystemisdesignedtomakeitimpossible(hopefully)fordatatobedisclosedtothosewithouttheappropriateleveltoviewit.AsshowninFigure2.5,ifitwerepossibleforauserwithaTopSecretclearancetoeitherdeliberatelyoraccidentallywriteTopSecretinformationandplaceitinafilemarkedConfidential,auserwithonlyaConfidentialsecurityclearancecouldthenaccessthisfileandviewtheTopSecretinformation.Thus,datawouldhavebeendisclosedtoanindividualnotauthorizedtoviewit.Thisiswhatthesystemshouldprotectagainstandisthereasonforwhatisknownasthe“no-write-down”rule.
•Figure2.5Bell-LaPadulasecuritymodel
Notallenvironmentsaremoreconcernedwithconfidentialitythanintegrity.Inafinancialinstitution,forexample,viewingsomebody’sbankbalanceisanissue,butagreaterissuewouldbetheabilitytoactuallymodifythatbalance.Inenvironmentswhereintegrityismoreimportant,adifferentmodelthantheBell-LaPadulasecuritymodelisneeded.
Brewer-NashSecurityModelOneofthetenetsassociatedwithaccessisneedtoknow.Separategroupswithinanorganizationmayhavedifferingneedswithrespecttoaccesstoinformation.Asecuritymodelthattakesintoaccountuserconflict-of-interestaspectsistheBrewer-Nashsecuritymodel.Inthismodel,informationflowsaremodeledtopreventinformationfromflowingbetweensubjectsandobjectswhenaconflictofinterestwouldoccur.Aspreviouslynoted,thismodelisalsoknownasaChineseWallmodel,aftertheGreatWallofChina,astructuredesignedtoseparategroupsofpeople.AsshowninFigure2.6,separategroupsaredefinedandaccesscontrolsaredesignedtoenforcetheseparationofthegroups.
•Figure2.6Brewer-Nashsecuritymodel
IntegrityModels
TheBell-LaPadulamodelwasdevelopedintheearly1970sbutwasfoundtobeinsufficientforallenvironments.Asanalternative,KennethBibastudiedtheintegrityissueanddevelopedwhatiscalledtheBibasecuritymodelinthelate1970s.Additionalworkwasperformedinthe1980sthatledtotheClark-Wilsonsecuritymodel,whichalsoplacesitsemphasisonintegrityratherthanconfidentiality.
TheBibaSecurityModelIntheBibamodel(seeFigure2.7),insteadofsecurityclassifications,integritylevelsareused.Aprincipleofintegritylevelsisthatdatawithahigherintegritylevelisbelievedtobemoreaccurateorreliablethandatawithalowerintegritylevel.Integritylevelsindicatethelevelof“trust”thatcanbeplacedininformationatthedifferentlevels.Integritylevelsdifferfromsecuritylevelsinanotherway—theylimitthemodificationofinformationasopposedtotheflowofinformation.
•Figure2.7BibbSecurityModel
Aninitialattemptatimplementinganintegrity-basedmodelwascapturedinwhatisreferredtoastheLow-Water-Markpolicy.Thispolicyinmanywaysistheoppositeofthe*-propertyinthatitpreventssubjectsfromwritingtoobjectsofahigherintegritylevel.Thepolicyalsocontainsasecondrulethatstatestheintegritylevelofasubjectwillbeloweredifitreadsanobjectofalowerintegritylevel.Thereasonforthisisthatifthesubjectthenusesdatafromthatobject,thehighesttheintegritylevelcanbeforanewobjectcreatedfromitisthesamelevelofintegrityoftheoriginalobject.Inotherwords,theleveloftrustyoucan
placeindataformedfromdataataspecificintegritylevelcannotbehigherthantheleveloftrustyouhaveinthesubjectcreatingthenewdataobject,andtheleveloftrustyouhaveinthesubjectcanonlybeashighastheleveloftrustyouhadintheoriginaldata.ThefinalrulecontainedintheLow-Water-Markpolicystatesthatasubjectcanexecuteaprogramonlyiftheprogram’sintegritylevelisequaltoorlessthantheintegritylevelofthesubject.Thisensuresthatdatamodifiedbyaprogramonlyhastheleveloftrust(integritylevel)thatcanbeplacedintheindividualwhoexecutedtheprogram.WhiletheLow-Water-Markpolicycertainlypreventsunauthorized
modificationofdata,ithastheunfortunatesideeffectofeventuallyloweringtheintegritylevelsofallsubjectstothelowestlevelonthesystem(unlessthesubjectalwaysviewsfileswiththesamelevelofintegrity).Thisisbecauseofthesecondrule,whichlowerstheintegritylevelofthesubjectafteraccessinganobjectofalowerintegritylevel.Thereisnowayspecifiedinthepolicytoeverraisethesubject’sintegritylevelbacktoitsoriginalvalue.Asecondpolicy,knownastheRingpolicy,addressesthisissuebyallowinganysubjecttoreadanyobjectwithoutregardtotheobject’slevelofintegrityandwithoutloweringthesubject’sintegritylevel.This,unfortunately,canleadtoasituationwheredatacreatedbyasubjectafterreadingdataofalowerintegritylevelcouldenduphavingahigherleveloftrustplaceduponitthanitshould.TheBibasecuritymodelimplementsahybridoftheRingandLow-
Water-Markpolicies.Biba’smodelinmanyrespectsistheoppositeoftheBell-LaPadulamodelinthatwhatitenforcesare“no-read-down”and“no-write-up”policies.Italsoimplementsathirdrulethatpreventssubjectsfromexecutingprogramsofahigherlevel.TheBibasecuritymodelthusaddressestheproblemsmentionedwithboththeRingandLow-Water-Markpolicies.
TheClark-WilsonSecurityModelTheClark-WilsonsecuritymodeltakesanentirelydifferentapproachthantheBibaandBell-LaPadulamodels,usingtransactionsasthebasisfor
itsrules.Itdefinestwolevelsofintegrityonly:constraineddataitems(CDIs)andunconstraineddataitems(UDIs).CDIdataissubjecttointegritycontrolswhileUDIdataisnot.Themodelthendefinestwotypesofprocesses:integrityverificationprocesses(IVPs),whichensurethatCDIdatameetsintegrityconstraints(toensurethesystemisinavalidstate),andtransformationprocesses(TPs),whichchangethestateofdatafromonevalidstatetoanother.Datainthismodelcannotbemodifieddirectlybyauser;itmustbechangedbytrustedTPs,accesstowhichcanberestricted(thusrestrictingtheabilityofausertoperformcertainactivities).Itisusefultoreturntothepriorexampleofthebankingaccountbalance
todescribetheneedforintegrity-basedmodels.IntheClark-Wilsonmodel,theaccountbalancewouldbeaCDIbecauseitsintegrityisacriticalfunctionforthebank.Aclient’scolorpreferencefortheircheckbookisnotacriticalfunctionandwouldbeconsideredaUDI.Sincetheintegrityofaccountbalancesisofextremeimportance,changestoaperson’sbalancemustbeaccomplishedthroughtheuseofaTP.EnsuringthatthebalanceiscorrectwouldbethedutyofanIVP.Onlycertainemployeesofthebankshouldhavetheabilitytomodifyanindividual’saccount,whichcanbecontrolledbylimitingthenumberofindividualswhohavetheauthoritytoexecuteTPsthatresultinaccountmodification.CertainverycriticalfunctionsmayactuallybesplitintomultipleTPstoenforceanotherimportantprinciple,separationofduties(introducedearlierinthechapter).Thislimitstheauthorityanyoneindividualhassothatmultipleindividualswillberequiredtoexecutecertaincriticalfunctions.
Chapter2Review
ChapterSummary
Afterreadingthischapterandcompletingtheexercises,youshouldunderstandthefollowingregardingthebasicsofsecurity,securityterminology,andsecuritymodels.
Definebasictermsassociatedwithcomputerandinformationsecurity
Informationassuranceandinformationsecurityplacethesecurityfocusontheinformationandnotonthehardwareorsoftwareusedtoprocessit.
Theoriginalgoalofcomputerandnetworksecuritywastoprovideconfidentiality,integrity,andavailability—the“CIA”ofsecurity.
Additionalelementsofsecuritycanincludeauthentication,authorization,auditability,andnonrepudiation.
Theoperationalmodelofcomputersecuritytellsusthatprotectionisprovidedbyprevention,detection,andresponse.
Identifythebasicapproachestocomputerandinformationsecurity
Hostsecurityfocusesonprotectingeachcomputeranddeviceindividually,whereasnetworksecurityfocusesonaddressingprotectionofthenetworkasawhole.
Formanyorganizations,acombinationofhostsecurityandnetworksecurityisneededtoadequatelyaddressthewiderangeofpossiblesecuritythreats.
Identifythebasicprinciplesofcomputerandinformationsecurity
Principleofleastprivilegeistousetheminimumprivilegesnecessarytoperformatask.
Principleofseparationofprivilegestatesthatcriticalitemsshouldrequiremultipleparties.
Principleoffail-safedefaultstatesthatdenybydefault(implicitdeny)andonlygrantaccesswithexplicitpermissionshouldbeemployedin
accessdecisions.
Principleofeconomyofmechanismstatesthatprotectionmechanismsshouldbesmallandsimple.
Principleofcompletemediationstatesthatprotectionmechanismsshouldcovereveryaccesstoeveryobjectandshouldneverbebypassed.
Principleofopendesignstatesthatprotectionmechanismsshouldnotdependuponsecrecyofthemechanismitself.
Principleofleastcommonmechanismstatesthattheprotectionmechanismsshouldbesharedtotheleastdegreepossibleamongusers.
Principleofpsychologicalacceptabilitystatesthatprotectionmechanismsshouldnotimpactusers,oriftheydo,theimpactshouldbeminimal.
Principleofdefenseindepth,orlayeredsecurity,isthatmultiplelayersofdiffering,overlappingcontrolsshouldbeemployed.
Diversityofdefenseisaconceptthatcomplementstheideaofvariouslayersofsecurity.Itmeanstomakethelayersdissimilarsothatifonelayerispenetrated,thenextlayercan’talsobepenetratedusingthesamemethod.
Distinguishamongvariousmethodstoimplementaccesscontrols
Accessistheabilityofasubjecttointeractwithanobject.Accesscontrolsarethosedevicesandmethodsusedtolimitwhichsubjectsmayinteractwithspecificobjects.
Anaccesscontrollist(ACL)isamechanismthatisusedtodefinewhetherauserhascertainaccessprivilegesforasystem.Othermethodsincludediscretionaryaccesscontrol(DAC),mandatoryaccesscontrol(MAC),role-basedaccesscontrol(RBAC),andrule-basedaccesscontrol.
Describemethodsusedtoverifytheidentityandauthenticityofanindividual
Authenticationmechanismsensurethatonlyvalidusersareprovidedaccesstothecomputersystemornetwork.
Thethreegeneralmethodscommonlyusedinauthenticationinvolveusersprovidingeithersomethingtheyknow,somethingtheyhave,orsomethinguniqueaboutthem(somethingtheyare).
Recognizesomeofthebasicmodelsusedtoimplementsecurityinoperatingsystems
Securitymodelsenforcethechosensecuritypolicy.
Therearetwobasiccategoriesofmodels:thosethatensureconfidentialityandthosethatensureintegrity.
Bell-LaPadulaisaconfidentialitysecuritymodelwhosedevelopmentwaspromptedbythedemandsoftheU.S.militaryanditssecurityclearancescheme.
TheBell-LaPadulasecuritymodelenforces“no-read-up”and“no-write-down”rulestoavoidthedeliberateoraccidentaldisclosureofinformationtoindividualsnotauthorizedtoreceiveit.
TheBrewer-Nashsecuritymodel(ChineseWallmodel)isaconfidentialitymodelthatseparatesusersbasedonconflictsofinterest.
TheBibasecuritymodelisanintegrity-basedmodelthat,inmanyrespects,implementstheoppositeofwhattheBell-LaPadulamodeldoes—thatis,“no-read-down”and“no-write-up”rules.
TheClark-Wilsonsecuritymodelisanintegrity-basedmodeldesignedtolimittheprocessesanindividualmayperformaswellasrequirethatcriticaldatabemodifiedonlythroughspecifictransformationprocesses.
KeyTerms*-property(34)accesscontrol(31)auditability(20)authentication(20)availability(20)Bell-LaPadulasecuritymodel(34)Bibasecuritymodel(35)Brewer-Nashsecuritymodel(34)Clark-Wilsonsecuritymodel(37)completemediation(27)confidentiality(20)defaultdeny(26)defenseindepth(29)diversityofdefense(31)economyofmechanism(27)fail-safedefaults(26)hacking(19)hostsecurity(23)implicitdeny(26)integrity(20)layeredsecurity(29)leastcommonmechanism(28)leastprivilege(24)Low-Water-Markpolicy(36)networksecurity(24)nonrepudiation(20)opendesign(27)operationalmodelofcomputersecurity(20)phreaking(19)
psychologicalacceptability(29)Ringpolicy(36)securitythroughobscurity(28)separationofduties(25)separationofprivilege(25)SimpleSecurityRule(34)
KeyTermsQuizUsetermsfromtheKeyTermslisttocompletethesentencesthatfollow.Don’tusethesametermmorethanonce.Notalltermswillbeused.
1._______________isatermusedtodescribetheconditionwhereausercannotdenythataneventhasoccurred.
2.The_______________isanintegrity-basedsecuritymodelthatbasesitssecurityoncontroloftheprocessesthatareallowedtomodifycriticaldata,referredtoasconstraineddataitems.
3.ThesecurityprincipleusedintheBell-LaPadulasecuritymodelthatstatesthatnosubjectcanreadfromanobjectwithahighersecurityclassificationiscalledthe_______________.
4.Theprinciplethatstatesasubjecthasonlythenecessaryrightsandprivilegestoperformitstask,withnoadditionalpermissions,iscalled_______________.
5._______________istheprincipleinsecuritywhereprotectionmechanismsshouldbekeptassimpleandassmallaspossible.
6._______________istheprinciplethatprotectionmechanismsshouldminimizeuser-levelimpact.
7._______________istheprocessusedtoensurethatanindividualiswhotheyclaimtobe.
8.Thearchitectureinwhichmultiplemethodsofsecuritydefenseare
appliedtopreventrealizationofthreat-basedrisksiscalled_______________.
9._______________istheprocessofcombiningseeminglyunimportantinformationwithotherpiecesofinformationtodivulgepotentiallysensitiveinformation.
10.Implicitdenyisanoperationalizationoftheprincipleof_______________.
Multiple-ChoiceQuiz1.Whichofthefollowingisnotaprincipleofsecurity?
A.Principleofleastprivilege
B.Principleofeconomyofmechanism
C.Principleofefficientaccess
D.Principleofopenaccess
2.TheCIAofsecurityincludes:A.Confidentiality,integrity,authentication
B.Confidentiality,integrity,availability
C.Certificates,integrity,availability
D.Confidentiality,inspection,authentication
3.ThesecurityprincipleusedintheBell-LaPadulasecuritymodelthatstatesthatnosubjectcanreadfromanobjectwithahighersecurityclassificationisthe:
A.SimpleSecurityRule
B.Ringpolicy
C.Mandatoryaccesscontrol
D.*-property
4.Whichofthefollowingconceptsrequiresusersandsystemprocessestousetheminimalamountofpermissionnecessarytofunction?
A.Layerdefense
B.Diversifieddefense
C.SimpleSecurityRule
D.Leastprivilege
5.Whichsecuritymodelseparatesusersbasedonconflict-of-interestissues?
A.Bell-LaPadula
B.Brewer-Nash
C.Biba
D.Clark-Wilson
6.TheBell-LaPadulasecuritymodelisanexampleofasecuritymodelthatisbasedon:
A.Theintegrityofthedata
B.Theavailabilityofthedata
C.Theconfidentialityofthedata
D.Theauthenticityofthedata
7.Thetermusedtodescribetherequirementthatdifferentportionsofacriticalprocessmustbeperformedbydifferentpeopleis:
A.Leastprivilege
B.Defenseindepth
C.Separationofduties
D.Jobrotation
8.Hidinginformationtopreventdisclosureisanexampleof:A.Securitythroughobscurity
B.Certificate-basedsecurity
C.Discretionarydatasecurity
D.Defenseindepth
9.TheproblemwiththeLow-Water-Markpolicyisthatit:A.Isaimedatensuringconfidentialityandnotintegrity
B.Couldultimatelyresultinallsubjectshavingtheintegrityleveloftheleast-trustedobjectonthesystem
C.Couldresultintheunauthorizedmodificationofdata
D.Doesnotadequatelypreventusersfromviewingfilestheyarenotentitledtoview
10.Theconceptofblockinganactionunlessitisspecificallyauthorizedis:
A.Implicitdeny
B.Leastprivilege
C.SimpleSecurityRule
D.Hierarchicaldefensemodel
EssayQuiz1.Yourcompanyhasdecidedtoincreasetheauthenticationsecurity
byrequiringremoteemployeestouseasecuritytokenaswellasa
passwordtologontothenetwork.Theemployeesaregrumblingaboutthenewrequirementsbecausetheydon’twanttohavetocarryaroundthetokenwiththemanddon’tunderstandwhyit’snecessary.Writeabriefmemotothestafftoeducatethemonthegeneralwaysthatauthenticationcanbeperformed.Thenexplainwhyyourcompanyhasdecidedtousesecuritytokensinadditiontopasswords.
2.ThenewCEOforyourcompanyjustretiredfromthemilitaryandwantstousesomeofthesamecomputersystemsandsecuritysoftwaresheusedwhilewiththemilitary.Explaintoherthereasonsthatconfidentiality-basedsecuritymodelsarenotadequateforallenvironments.Provideatleasttwoexamplesofenvironmentswhereaconfidentiality-basedsecuritymodelisnotsufficient.
3.Describewhytheconceptof“securitythroughobscurity”isgenerallyconsideredabadprincipletorelyon.Providesomereal-worldexamplesofwhereyouhaveseenthisprincipleused.
4.Writeabriefessaydescribingtheprincipleofleastprivilegeandhowitcanbeemployedtoenhancesecurity.Provideatleasttwoexamplesofenvironmentsinwhichitcanbeusedforsecuritypurposes.
LabProjects
•LabProject2.1Inanenvironmentfamiliartoyou(yourschoolorwhereyouwork,forexample),determinewhethertheprincipleofdiversityofdefensehasbeenemployedandlistthedifferentlayersofsecuritythatareemployed.Discusswhetheryouthinktheyaresufficientandwhethertheprincipleofdiversityofdefensehasalsobeenused.
•LabProject2.2
Pickanoperatingsystemthatenforcessomeformofaccesscontrolanddeterminehowitisimplementedinthatsystem.
chapter3 OperationalandOrganizationalSecurity
Wewillbankruptourselvesinthevainsearchforabsolutesecurity.
—DWIGHTDAVIDEISENHOWER
O
Inthischapter,youwilllearnhowto
Identifyvariousoperationalaspectstosecurityinyourorganization
Identifyvariouspoliciesandproceduresinyourorganization
Identifythesecurityawarenessandtrainingneedsofanorganization
Understandthedifferenttypesofagreementsemployedinnegotiatingsecurityrequirements
Describethephysicalsecuritycomponentsthatcanprotectyourcomputersandnetwork
Identifyenvironmentalfactorsthatcanaffectsecurity
Identifyfactorsthataffectthesecurityofthegrowingnumberofwirelesstechnologiesusedfordatatransmission
Preventdisclosurethroughelectronicemanations
rganizationsachieveoperationalsecuritythroughpoliciesandproceduresthatguideuser’sinteractionswithdataanddataprocessingsystems.Developingandaligningtheseeffortswiththegoalsofthe
businessisacrucialpartofdevelopingasuccessfulsecurityprogram.Onemethodofensuringcoverageistoaligneffortswiththeoperationalsecuritymodeldescribedinthelastchapter.Thisbreakseffortsintogroups;prevention,detection,andresponseelements.Preventiontechnologiesaredesignedtokeepindividualsfrombeing
abletogainaccesstosystemsordatatheyarenotauthorizedtouse.Originally,thiswasthesoleapproachtosecurity.Eventuallywelearnedthatinanoperationalenvironment,preventionisextremelydifficultandrelyingonpreventiontechnologiesaloneisnotsufficient.Thisledtotheriseoftechnologiestodetectandrespondtoeventsthatoccurwhenpreventionfails.Together,thepreventiontechnologiesandthedetectionandresponsetechnologiesformtheoperationalmodelforcomputersecurity.
Policies,Procedures,Standards,andGuidelinesAnimportantpartofanyorganization’sapproachtoimplementingsecurityarethepolicies,procedures,standards,andguidelinesthatareestablishedtodetailwhatusersandadministratorsshouldbedoingtomaintainthesecurityofthesystemsandnetwork.Collectively,thesedocumentsprovidetheguidanceneededtodeterminehowsecuritywillbeimplementedintheorganization.Giventhisguidance,thespecifictechnologyandsecuritymechanismsrequiredcanbeplannedfor.Policiesarehigh-level,broadstatementsofwhattheorganizationwants
toaccomplish.Theyaremadebymanagementwhenlayingouttheorganization’spositiononsomeissue.Proceduresarethestep-by-stepinstructionsonhowtoimplementpoliciesintheorganization.Theydescribeexactlyhowemployeesareexpectedtoactinagivensituationortoaccomplishaspecifictask.Standardsaremandatoryelementsregardingtheimplementationofapolicy.Theyareacceptedspecificationsthatprovidespecificdetailsonhowapolicyistobeenforced.Somestandardsareexternallydriven.Regulationsforbankingandfinancialinstitutions,forexample,requirecertainsecuritymeasuresbetakenbylaw.Otherstandardsmaybesetbytheorganizationtomeetitsownsecuritygoals.Guidelinesarerecommendationsrelatingtoapolicy.Thekeyterminthiscaseisrecommendations—guidelinesarenotmandatorysteps.
Thesedocumentsguidehowsecuritywillbeimplementedintheorganization:Policies High-level,broadstatementsofwhattheorganizationwantstoaccomplishProcedures Step-by-stepinstructionsonhowtoimplementthepoliciesStandards MandatoryelementsregardingtheimplementationofapolicyGuidelines Recommendationsrelatingtoapolicy
Justasthenetworkitselfconstantlychanges,thepolicies,procedures,standards,andguidelinesshouldbeincludedinlivingdocumentsthatare
periodicallyevaluatedandchangedasnecessary.Theconstantmonitoringofthenetworkandtheperiodicreviewoftherelevantdocumentsarepartoftheprocessthatistheoperationalmodel.Whenappliedtopolicies,thisprocessresultsinwhatisknownasthepolicylifecycle.Thisoperationalprocessandpolicylifecycleroughlyconsistoffourstepsinrelationtoyoursecuritypoliciesandsolutions:
1.Plan(adjust)forsecurityinyourorganization.2.Implementtheplans.3.Monitortheimplementation.4.Evaluatetheeffectiveness.
Inthefirststep,youdevelopthepolicies,procedures,andguidelinesthatwillbeimplementedanddesignthesecuritycomponentsthatwillprotectyournetwork.Thereareavarietyofgoverninginstruments,fromstandardstocompliancerulesthatwillprovideboundariesforthesedocuments.Oncethesedocumentsaredesignedanddeveloped,youcanimplementtheplans.Partoftheimplementationofanypolicy,procedure,orguidelineisaninstructionperiodduringwhichthosewhowillbeaffectedbythechangeorintroductionofthisnewdocumentlearnaboutitscontents.Next,youmonitortoensurethatboththehardwareandthesoftwareaswellasthepolicies,procedures,andguidelinesareeffectiveinsecuringyoursystems.Finally,youevaluatetheeffectivenessofthesecuritymeasuresyouhaveinplace.Thisstepmayincludeavulnerabilityassessment(anattempttoidentifyandprioritizethelistofvulnerabilitieswithinasystemornetwork)andapenetrationtest(amethodtocheckthesecurityofasystembysimulatinganattackbyamaliciousindividual)ofyoursystemtoensurethesecurityisadequate.Afterevaluatingyoursecurityposture,youbeginagainwithstepone,thistimeadjustingthesecuritymechanismsyouhaveinplace,andthencontinuewiththiscyclicalprocess.Regardingsecurity,everyorganizationshouldhaveseveralcommon
policiesinplace(inadditiontothosealreadydiscussedrelativetoaccesscontrolmethods).Theseinclude,butarenotlimitedto,securitypoliciesregardingchangemanagement,classificationofinformation,acceptableuse,duecareandduediligence,dueprocess,needtoknow,disposalanddestructionofdata,servicelevelagreements,humanresourcesissues,codesofethics,andpoliciesgoverningincidentresponse.
SecurityPoliciesInkeepingwiththehigh-levelnatureofpolicies,thesecuritypolicyisahigh-levelstatementproducedbyseniormanagementthatoutlinesbothwhatsecuritymeanstotheorganizationandtheorganization’sgoalsforsecurity.Themainsecuritypolicycanthenbebrokendownintoadditionalpoliciesthatcoverspecifictopics.Statementssuchas“thisorganizationwillexercisetheprincipleofleastaccessinitshandlingofclientinformation”wouldbeanexampleofasecuritypolicy.Thesecuritypolicycanalsodescribehowsecurityistobehandledfromanorganizationalpointofview(suchasdescribingwhichofficeandcorporateofficerormanageroverseestheorganization’ssecurityprogram).Inadditiontopoliciesrelatedtoaccesscontrol,theorganization’s
securitypolicyshouldincludethespecificpoliciesdescribedinthenextsections.Allpoliciesshouldbereviewedonaregularbasisandupdatedasneeded.Generally,policiesshouldbeupdatedlessfrequentlythantheproceduresthatimplementthem,sincethehigh-levelgoalswillnotchangeasoftenastheenvironmentinwhichtheymustbeimplemented.Allpoliciesshouldbereviewedbytheorganization’slegalcounsel,andaplanshouldbeoutlinedthatdescribeshowtheorganizationwillensurethatemployeeswillbemadeawareofthepolicies.Policiescanalsobemadestrongerbyincludingreferencestotheauthoritywhomadethepolicy(whetherthispolicycomesfromtheCEOorisadepartment-levelpolicy,forexample)andreferencestoanylawsorregulationsthatareapplicabletothespecificpolicyandenvironment.
ChangeManagementPolicyThepurposeofchangemanagementistoensureproperproceduresarefollowedwhenmodificationstotheITinfrastructurearemade.Thesemodificationscanbepromptedbyanumberofdifferentevents,includingnewlegislation,updatedversionsofsoftwareorhardware,implementationofnewsoftwareorhardware,orimprovementstotheinfrastructure.Theterm“management”impliesthatthisprocessshouldbecontrolledinsomesystematicway,andthatisindeedthepurpose.Changestotheinfrastructuremighthaveadetrimentalimpactonoperations.Newversionsofoperatingsystemsorapplicationsoftwaremightbeincompatiblewithothersoftwareorhardwaretheorganizationisusing.Withoutaprocesstomanagethechange,anorganizationmightsuddenlyfinditselfunabletoconductbusiness.Achangemanagementprocessshouldincludevariousstages,includingamethodtorequestachangetotheinfrastructure,areviewandapprovalprocessfortherequest,anexaminationoftheconsequencesofthechange,resolution(ormitigation)ofanydetrimentaleffectsthechangemightincur,implementationofthechange,anddocumentationoftheprocessasitrelatedtothechange.
DataPoliciesSystemintegrationwiththirdpartiesfrequentlyinvolvesthesharingofdata.Datacanbesharedforthepurposeofprocessingorstorage.Controloverdataisasignificantissueinthird-partyrelationships.Therearenumerousquestionsthatneedtobeaddressed.Thequestionofwhoownsthedata,boththedatasharedwiththirdpartiesandsubsequentdatadevelopedaspartoftherelationship,isanissuethatneedstobeestablished.
DataOwnershipDatarequiresadataowner.Dataownershiprolesforalldataelementsneedtobedefinedinthebusiness.Dataownershipisabusinessfunction,
wheretherequirementsforsecurity,privacy,retention,andotherbusinessfunctionsmustbeestablished.Notalldatarequiresthesamehandlingrestrictions,butalldatarequiresthesecharacteristicstobedefined.Thisistheresponsibilityofthedataowner.
UnauthorizedDataSharingUnauthorizeddatasharingcanbeasignificantissue,andintoday’sworld,datahasvalueandisfrequentlyusedforsecondarypurposes.Ensuringthatallpartiesintherelationshipunderstandthedata-sharingrequirementsisanimportantprerequisite.Equallyimportantisensuringthatallpartiesunderstandthesecurityrequirementsofshareddata.
DataBackupsDataownershiprequirementsincludebackupresponsibilities.Databackuprequirementsincludedeterminingthelevelofbackup,restoreobjectives,andlevelofprotectionrequirements.ThesecanbedefinedbythedataownerandthenexecutedbyoperationalITpersonnel.Determiningthebackupresponsibilitiesanddevelopingthenecessaryoperationalprocedurestoensurethatadequatebackupsoccurareimportantsecurityelements.
ClassificationofInformationAkeycomponentofITsecurityistheprotectionoftheinformationprocessedandstoredonthecomputersystemsandnetwork.Organizationsdealwithmanydifferenttypesofinformation,andtheyneedtorecognizethatnotallinformationisofequalimportanceorsensitivity.Thisrequiresclassificationofinformationintovariouscategories,eachwithitsownrequirementsforitshandling.Factorsthataffecttheclassificationofspecificinformationincludeitsvaluetotheorganization(whatwillbetheimpacttotheorganizationifitlosesthisinformation?),itsage,andlawsorregulationsthatgovernitsprotection.ThemostwidelyknownsystemofclassificationofinformationisthatimplementedbytheU.S.government
(includingthemilitary),whichclassifiesinformationintocategoriessuchasConfidential,Secret,andTopSecret.BusinesseshavesimilardesirestoprotectinformationandoftenusecategoriessuchasPubliclyReleasable,Proprietary,CompanyConfidential,andForInternalUseOnly.Eachpolicyfortheclassificationofinformationshoulddescribehowitshouldbeprotected,whomayhaveaccesstoit,whohastheauthoritytoreleaseitandhow,andhowitshouldbedestroyed.Allemployeesoftheorganizationshouldbetrainedintheproceduresforhandlingtheinformationthattheyareauthorizedtoaccess.Discretionaryandmandatoryaccesscontroltechniquesuseclassificationsasamethodtoidentifywhomayhaveaccesstowhatresources.
TechTip
DataClassificationInformationclassificationcategoriesyoushouldbeawareoffortheCompTIASecurity+examinclude:High,Medium,Low,Confidential,Private,andPublic.
DataLabeling,Handling,andDisposalEffectivedataclassificationprogramsincludedatalabeling,whichenablespersonnelworkingwiththedatatoknowwhetheritissensitiveandtounderstandthelevelsofprotectionrequired.Whenthedataisinsideaninformation-processingsystem,theprotectionsshouldbedesignedintothesystem.Butwhenthedataleavesthiscocoonofprotection,whetherbyprinting,downloading,orcopying,itbecomesnecessarytoensurecontinuedprotectionbyothermeans.Thisiswheredatalabelingassistsusersinfulfillingtheirresponsibilities.Trainingtoensurethatlabelingoccursandthatitisusedandfollowedisimportantforuserswhoserolescanbeimpactedbythismaterial.Trainingplaysanimportantroleinensuringproperdatahandlingand
disposal.Personnelareintimatelyinvolvedinseveralspecifictasks
associatedwithdatahandlinganddatadestruction/disposaland,ifproperlytrained,canactasasecuritycontrol.Untrainedorinadequatelytrainedpersonnelwillnotbeaproductivesecuritycontroland,infact,canbeasourceofpotentialcompromise.
NeedtoKnowAnothercommonsecurityprincipleisthatofneedtoknow,whichgoeshand-in-handwithleastprivilege.Theguidingfactorhereisthateachindividualintheorganizationissuppliedwithonlytheabsoluteminimumamountofinformationandprivilegesheorsheneedstoperformtheirworktasks.Toobtainaccesstoanypieceofinformation,theindividualmusthaveajustifiedneedtoknow.Apolicyspellingoutthesetwoprinciplesasguidingphilosophiesfortheorganizationshouldbecreated.Thepolicyshouldalsoaddresswhointheorganizationcangrantaccesstoinformationandwhocanassignprivilegestoemployees.
DisposalandDestructionPolicyManypotentialintrudershavelearnedthevalueofdumpsterdiving.Anorganizationmustbeconcernedaboutnotonlypapertrashanddiscardedobjects,butalsotheinformationstoredondiscardedobjectssuchascomputers.Severalgovernmentorganizationshavebeenembarrassedwhenoldcomputerssoldtosalvagersprovedtocontainsensitivedocumentsontheirharddrives.Itiscriticalforeveryorganizationtohaveastrongdisposalanddestructionpolicyandrelatedprocedures.Importantpapersshouldbeshredded,andimportantinthiscasemeans
anythingthatmightbeusefultoapotentialintruder.Itisamazingwhatintruderscandowithwhatappeartobeinnocentpiecesofinformation.Beforemagneticstoragemedia(suchasdisksortapes)isdiscardedin
thetrashorsoldforsalvage,itshouldhaveallfilesdeleted,andshouldbeoverwrittenatleastthreetimeswithall1’s,all0’s,andthenrandomcharacters.Commercialproductsareavailabletodestroyfilesusingthisprocess.Itisnotsufficientsimplytodeleteallfilesandleaveitatthat,
sincethedeletionprocessaffectsonlythepointerstowherethefilesarestoredanddoesn’tactuallygetridofallthebitsinthefile.Thisiswhyitispossibleto“undelete”filesandrecoverthemaftertheyhavebeendeleted.Asafermethodfordestroyingfilesfromastoragedeviceistodestroy
thedatamagnetically,usingastrongmagneticfieldtodegaussthemedia.Thiseffectivelydestroysalldataonthemedia.Severalcommercialdegaussersareavailableforthispurpose.Anothermethodthatcanbeusedonharddrivesistouseafileonthem(thesortoffileyou’dfindinahardwarestore)andactuallyfileoffthemagneticmaterialfromthesurfaceoftheplatter.Shreddingfloppymediaisnormallysufficient,butsimplycuttingafloppydiskintoafewpiecesisnotenough—datahasbeensuccessfullyrecoveredfromfloppiesthatwerecutintoonlyacoupleofpieces.CDsandDVDsalsoneedtobedisposedofappropriately.Manypapershreddersnowhavetheabilitytoshredtheseformsofstoragemedia.Insomehighlysecureenvironments,theonlyacceptablemethodofdisposingofharddrivesandotherstoragedevicesistheactualphysicaldestructionofthedevices.Matchingthesecurityactiontothelevelofriskisimportanttorecognizeinthisinstance.Destroyingharddrivesthatdonothavesensitiveinformationiswasteful;properfilescrubbingisprobablyappropriate.Fordriveswithultra-sensitiveinformation,physicaldestructionmakessense.Thereisnosingleanswer,butasinmostthingsassociatedwithinformationsecurity,thebestpracticeistomatchtheactiontothelevelofrisk.
HumanResourcesPoliciesIthasbeensaidthattheweakestlinksinthesecuritychainarethehumans.Consequently,itisimportantfororganizationstohavepoliciesinplacerelativetotheiremployees.Policiesthatrelatetothehiringofindividualsareprimarilyimportant.Theorganizationneedstomakesurethatithiresindividualswhocanbetrustedwiththeorganization’sdataandthatofitsclients.Onceemployeesarehired,theyshouldbekeptfromslippingintothecategoryof“disgruntledemployee.”Finally,policiesmustbe
developedtoaddresstheinevitablepointinthefuturewhenanemployeeleavestheorganization—eitheronhisorherownorwiththe“encouragement”oftheorganizationitself.Securityissuesmustbeconsideredateachofthesepoints.
ManyorganizationsoverlookthesecurityimplicationsthatdecisionsbyHumanResourcesmayhave.HumanResourcespersonnelandsecuritypersonnelshouldhaveacloseworkingrelationship.Decisionsonthehiringandfiringofpersonnelhavedirectsecurityimplicationsfortheorganization.Asaresult,proceduresshouldbeinplacethatspecifywhichactionsmustbetakenwhenanemployeeishired,isterminated,orretires.
CodeofEthicsNumerousprofessionalorganizationshaveestablishedcodesofethicsfortheirmembers.Eachofthesedescribestheexpectedbehavioroftheirmembersfromahigh-levelstandpoint.Organizationscanadoptthisideaaswell.Fororganizations,acodeofethicscansetthetoneforhowemployeeswillbeexpectedtoactandtoconductbusiness.Thecodeshoulddemandhonestyfromemployeesandrequirethattheyperformallactivitiesinaprofessionalmanner.Thecodecouldalsoaddressprinciplesofprivacyandconfidentialityandstatehowemployeesshouldtreatclientandorganizationaldata.Conflictsofinterestcanoftencauseproblems,sothiscouldalsobecoveredinthecodeofethics.Byoutliningacodeofethics,theorganizationcanencouragean
environmentthatisconducivetointegrityandhighethicalstandards.Foradditionalideasonpossiblecodesofethics,checkprofessionalorganizationssuchastheInstituteforElectricalandElectronicsEngineers(IEEE),theAssociationforComputingMachinery(ACM),ortheInformationSystemsSecurityAssociation(ISSA).
TechTip
HiringHackersHiringaskilledhackermaymakesensefromatechnicalskillspointofview,butanorganizationalsohastoconsiderthebroaderethicalandbusinessconsequencesandassociatedrisks.Isthehackercompletelyreformedornot?Howmuchtimeisneededtodeterminethis?Therealquestionisnot“Wouldyouhireahacker?”butrather“Canyoufireahackeroncehehashadaccesstoyoursystems?”Trustisanimportantissuewithemployeeswhohavesystemadministratoraccess,andthelong-termramificationsneedtobeconsidered.
JobRotationAninterestingapproachtoenhancesecuritythatisgainingincreasingattentionisjobrotation.Organizationsoftendiscussthebenefitsofrotatingindividualsthroughvariousjobsinanorganization’sITdepartment.Byrotatingthroughjobs,individualsgainabetterperspectiveonhowthevariouspartsofITcanenhance(orhinder)thebusiness.SincesecurityisoftenamisunderstoodaspectofIT,rotatingindividualsthroughsecuritypositionscanresultinamuchwiderunderstandingthroughouttheorganizationaboutpotentialsecurityproblems.Italsocanhavethesidebenefitofacompanynothavingtorelyonanyoneindividualtooheavilyforsecurityexpertise.Ifallsecuritytasksarethedomainofoneemployee,andthatindividualleavessuddenly,securityattheorganizationcouldsuffer.Ontheotherhand,ifsecuritytasksareunderstoodbymanydifferentindividuals,thelossofanyoneindividualhaslessofanimpactontheorganization.
EmployeeHiringandPromotionsItisbecomingcommonfororganizationstorunbackgroundchecksonprospectiveemployeesandtocheckthereferencesprospectiveemployeessupply.Frequently,organizationsrequiredrugtesting,checkforanypastcriminalactivity,verifyclaimededucationalcredentials,andconfirmreportedworkhistory.Forhighlysensitiveenvironments,specialsecuritybackgroundinvestigationscanalsoberequired.Makesurethatyourorganizationhiresthemostcapableandtrustworthyemployees,andthatyourpoliciesaredesignedtoensurethis.
Afteranindividualhasbeenhired,yourorganizationneedstominimizetheriskthattheemployeewillignorecompanyrulesandaffectsecurity.Periodicreviewsbysupervisorypersonnel,additionaldrugchecks,andmonitoringofactivityduringworkmayallbeconsideredbytheorganization.Iftheorganizationchoosestoimplementanyofthesereviews,thismustbespecifiedintheorganization’spolicies,andprospectiveemployeesshouldbemadeawareofthesepoliciesbeforebeinghired.Whatanorganizationcandointermsofmonitoringandrequiringdrugtests,forexample,canbeseverelyrestrictedifnotspelledoutinadvanceastermsofemployment.Newhiresshouldbemadeawareofallpertinentpolicies,especiallythoseapplyingtosecurity,andshouldbeaskedtosigndocumentsindicatingthattheyhavereadandunderstoodthem.
TechTip
AccountsofFormerEmployeesWhenconductingsecurityassessmentsoforganizations,securityprofessionalsfrequentlyfindactiveaccountsforindividualswhonolongerworkforthecompany.Thisisespeciallytrueforlargerorganizations,whichmaylackaclearprocessforthepersonnelofficetocommunicatewiththenetworkadministratorswhenanemployeeleavestheorganization.Theseoldaccounts,however,areaweakpointinthesecurityperimeterfortheorganizationandshouldbeeliminated.
Occasionallyanemployee’sstatuswillchangewithinthecompany.Ifthechangecanbeconstruedasanegativepersonnelaction(suchasademotion),supervisorsshouldbealertedtowatchforchangesinbehaviorthatmightindicatetheemployeeiscontemplatingorconductingunauthorizedactivity.Itislikelythattheemployeewillbeupset,andwhetherheactsonthistothedetrimentofthecompanyissomethingthatneedstobeguardedagainst.Inthecaseofademotion,theindividualmayalsolosecertainprivilegesoraccessrights,andthesechangesshouldbemadequicklysoastolessenthelikelihoodthattheemployeewilldestroy
previouslyaccessibledataifhebecomesdisgruntledanddecidestotakerevengeontheorganization.Ontheotherhand,iftheemployeeispromoted,privilegesmaystillchange,buttheneedtomakethechangetoaccessprivilegesmaynotbeasurgent,thoughitshouldstillbeaccomplishedasquicklyaspossible.Ifthemoveisalateralone,changesmayalsoneedtotakeplace,andagaintheyshouldbeaccomplishedasquicklyaspossible.
Retirement,Separation,orTerminationofanEmployeeAnemployeeleavinganorganizationcanbeeitherapositiveoranegativeaction.Employeeswhoareretiringbytheirownchoicemayannouncetheirplannedretirementweeksorevenmonthsinadvance.Limitingtheiraccesstosensitivedocumentsthemomenttheyannouncetheirintentionmaybethesafestthingtodo,butitmightnotbenecessary.Eachsituationshouldbeevaluatedindividually.Ifthesituationisaforcedretirement,theorganizationmustdeterminetherisktoitsdataiftheemployeebecomesdisgruntledasaresultoftheaction.Inthissituation,thewisestchoicemightbetocutofftheemployee’saccessquicklyandprovideherwithsomeadditionalvacationtime.Thismightseemlikeanexpensiveproposition,butthedangertothecompanyofhavingadisgruntledemployeemayjustifyit.Again,eachcaseshouldbeevaluatedindividually.
Itisbettertogiveapotentiallydisgruntledemployeeseveralweeksofpaidvacationthantohavehimtrashsensitivefilestowhichhehasaccess.Becauseemployeestypicallyknowthepatternofmanagementbehaviorwithrespecttotermination,doingtherightthingwillpaydividendsinthefutureforafirm.
Whenanemployeedecidestoleaveacompany,generallyasaresultofanewjoboffer,continuedaccesstosensitiveinformationshouldbecarefullyconsidered.Iftheemployeeisleavingasaresultofhardfeelingstowardthecompany,itmightbewisetoquicklyrevokeheraccess
privileges.Iftheemployeeisleavingtheorganizationbecauseheisbeing
terminated,youshouldassumethatheisorwillbecomedisgruntled.Whileitmaynotseemthefriendliestthingtodo,anemployeeinthissituationshouldimmediatelyhavehisaccessprivilegestosensitiveinformationandfacilitiesrevoked.Combinationsshouldalsobequicklychangedonceanemployeehas
beeninformedoftheirtermination.Accesscards,keys,andbadgesshouldbecollected;theemployeeshouldbeescortedtoherdeskandwatchedasshepackspersonalbelongings;andthensheshouldbeescortedfromthebuilding.
Organizationscommonlyneglecttohaveapolicythatmandatestheremovalofanindividual’scomputeraccessupontermination.Notonlyshouldsuchapolicyexist,butitshouldalsoincludetheprocedurestoreclaimand“clean”aterminatedemployee’scomputersystemandaccounts.
MandatoryVacationsOrganizationshaveprovidedvacationtimetotheiremployeesformanyyears.Few,however,forceemployeestotakethistimeiftheydon’twantto.Atsomecompanies,employeesaregiventhechoicetoeither“useorlose”theirvacationtime;iftheydonottakealloftheirvacationtime,theyloseatleastaportionofit.Fromasecuritystandpoint,anemployeewhonevertakestimeoffmightbeinvolvedinnefariousactivity,suchasfraudorembezzlement,andmightbeafraidthatifheleavesonvacation,theorganizationwilldiscoverhisillicitactivities.Asaresult,requiringemployeestousetheirvacationtimethroughapolicyofmandatoryvacationscanbeasecurityprotectionmechanism.Usingmandatoryvacationsasatooltodetectfraudwillrequirethatsomebodyelsealsobetrainedinthefunctionsoftheemployeewhoisonvacation.Havingasecondpersonfamiliarwithsecurityproceduresisalsoagoodpolicyin
casesomethinghappenstotheprimaryemployee.
On-boarding/Off-boardingBusinessPartnersJustasitisimportanttomanagetheon-andoff-boardingprocessesofcompanypersonnel,itisimportanttoconsiderthesametypesofelementswhenmakingarrangementswiththirdparties.Agreementswithbusinesspartnerstendtobefairlyspecificwithrespecttotermsassociatedwithmutualexpectationsassociatedwiththeprocessofthebusiness.Considerationsregardingtheon-boardingandoff-boardingprocessesareimportant,especiallytheoff-boarding.Whenacontractarrangementwithathirdpartycomestoanend,issuesastodataretentionanddestructionbythethirdpartyneedtobeaddressed.Theseconsiderationsneedtobemadepriortotheestablishmentoftherelationship,notaddedatthetimethatitiscomingtoanend.
On-boardingandoff-boardingbusinessproceduresshouldbewelldocumentedtoensurecompliancewithlegalrequirements.
SocialMediaNetworksTheriseofsocialmedianetworkshaschangedmanyaspectsofbusiness.Whetherusedformarketing,communications,customerrelations,orsomeotherpurpose,socialmedianetworkscanbeconsideredaformofthirdparty.Oneofthechallengesinworkingwithsocialmedianetworksand/orapplicationsistheirtermsofuse.Whilearelationshipwithatypicalthirdpartyinvolvesanegotiatedsetofagreementswithrespecttorequirements,thereisnonegotiationwithsocialmedianetworks.Theonlyoptionistoadopttheirtermsofservice,soitisimportanttounderstandtheimplicationsofthesetermswithrespecttothebusinessuseofthesocialnetwork.
AcceptableUsePolicyAnacceptableusepolicy(AUP)outlineswhattheorganizationconsiderstobetheappropriateuseofcompanyresources,suchascomputersystems,e-mail,Internetaccess,andnetworks.Organizationsshouldbeconcernedaboutpersonaluseoforganizationalassetsthatdoesnotbenefitthecompany.ThegoaloftheAUPistoensureemployeeproductivitywhilelimiting
organizationalliabilitythroughinappropriateuseoftheorganization’sassets.TheAUPshouldclearlydelineatewhatactivitiesarenotallowed.Itshouldaddressissuessuchastheuseofresourcestoconductpersonalbusiness,installationofhardwareorsoftware,remoteaccesstosystemsandnetworks,thecopyingofcompany-ownedsoftware,andtheresponsibilityofuserstoprotectcompanyassets,includingdata,software,andhardware.Statementsregardingpossiblepenaltiesforignoringanyofthepolicies(suchastermination)shouldalsobeincluded.Relatedtoappropriateuseoftheorganization’scomputersystemsand
networksbyemployeesistheappropriateusebytheorganization.Themostimportantofsuchissuesiswhethertheorganizationconsidersitappropriatetomonitortheemployees’useofthesystemsandnetwork.Ifmonitoringisconsideredappropriate,theorganizationshouldincludeastatementtothiseffectinthebannerthatappearsatlogin.Thisrepeatedlywarnsemployees,andpossibleintruders,thattheiractionsaresubjecttomonitoringandthatanymisuseofthesystemwillnotbetolerated.Shouldtheorganizationneedtouseinacivilorcriminalcaseanyinformationgatheredduringmonitoring,theissueofwhethertheemployeehadanexpectationofprivacy,orwhetheritwasevenlegalfortheorganizationtobemonitoring,issimplifiediftheorganizationcanpointtoastatementthatisalwaysdisplayedthatinstructsusersthatuseofthesystemconstitutesconsenttomonitoring.Beforeanymonitoringisconducted,ortheactualwordingonthewarningmessageiscreated,theorganization’slegalcounselshouldbeconsultedtodeterminetheappropriatewaytoaddressthisissueintheparticularjurisdiction.
Intoday’shighlyconnectedenvironment,everyorganizationshouldhaveanAUPthatspellsouttoallemployeeswhattheorganizationconsidersappropriateandinappropriateuseofitscomputingandnetworksresources.Havingthispolicymaybecriticalshouldtheorganizationneedtotakedisciplinaryactionsbasedonanabuseofitsresources.
InternetUsagePolicyIntoday’shighlyconnectedenvironment,employeeuseofaccesstotheInternetisofparticularconcern.ThegoaloftheInternetusagepolicyistoensuremaximumemployeeproductivityandtolimitpotentialliabilitytotheorganizationfrominappropriateuseoftheInternetinaworkplace.TheInternetprovidesatremendoustemptationforemployeestowastehoursastheysurftheWebforthescoresofgamesfromthepreviousnight,conductquickonlinestocktransactions,orreadthereviewofthelatestblockbustermovieeveryoneistalkingabout.Inaddition,allowingemployeestovisitsitesthatmaybeconsideredoffensivetoothers(suchaspornographicorhatesites)canopenthecompanytoaccusationsofcondoningahostileworkenvironmentandresultinlegalliability.TheInternetusagepolicyneedstoaddresswhatsitesemployeesare
allowedtovisitandwhatsitestheyarenotallowedtovisit.IfthecompanyallowsthemtosurftheWebduringnonworkhours,thepolicyneedstoclearlyspellouttheacceptableparameters,intermsofwhentheyareallowedtodothisandwhatsitestheyarestillprohibitedfromvisiting(suchaspotentiallyoffensivesites).Thepolicyshouldalsodescribeunderwhatcircumstancesanemployeewouldbeallowedtopostsomethingfromtheorganization’snetworkontheWeb(onablog,forexample).Anecessaryadditiontothispolicywouldbetheprocedureforanemployeetofollowtoobtainpermissiontoposttheobjectormessage.
E-MailUsagePolicyRelatedtotheInternetusagepolicyisthee-mailusagepolicy,whichdeals
withwhatthecompanywillallowemployeestosendin,orasattachmentsto,e-mailmessages.Thispolicyshouldspelloutwhethernonworke-mailtrafficisallowedatallorisatleastseverelyrestricted.Itneedstocoverthetypeofmessagethatwouldbeconsideredinappropriatetosendtootheremployees(forexample,nooffensivelanguage,nosex-relatedorethnicjokes,noharassment,andsoon).Thepolicyshouldalsospecifyanydisclaimersthatmustbeattachedtoanemployee’smessagesenttoanindividualoutsidethecompany.Thepolicyshouldremindemployeesoftherisksofclickingonlinksine-mails,oropeningattachments,asthesecanbesocialengineeringattacks.
CleanDeskPolicyPreventingaccesstoinformationisalsoimportantintheworkarea.Firmswithsensitiveinformationshouldhavea“cleandeskpolicy”specifyingthatsensitiveinformationmustnotbeleftunsecuredintheworkareawhentheworkerisnotpresenttoactascustodian.Evenleavingthedeskareaandgoingtothebathroomcanleaveinformationexposedandsubjecttocompromise.Thecleandeskpolicyshouldidentifyandprohibitthingsthatarenotobviousuponfirstglance,suchaspasswordsonstickynotesunderkeyboardsandmousepadsorinunsecureddeskdrawers.Alloftheseelementsthatdemonstratetheneedforacleandeskarelostifemployeesdonotmakethempersonal.Trainingforcleandeskactivitiesneedstomaketheissueapersonalone,whereconsequencesareunderstoodandtheworkplacereinforcesthepositiveactivity.
BringYourOwnDevice(BYOD)PolicyEveryoneseemstohaveasmartphone,atablet,orotherpersonalInternetdevicethattheyuseintheirpersonallives.Bringingthesetoworkisanaturalextensionofone’snormalactivities,butthisraisesthequestionofwhatpoliciesareappropriatebeforeafirmallowsthesedevicestoconnecttothecorporatenetworkandaccesscompanydata.Likeallotherpolicies,planningisneededtodefinetheappropriatepathwaytothecompanyobjectives.Personaldevicesoffercostsavingsandpositiveuser
acceptance,andinmanycasesthesefactorsmakeallowingBYODasensibledecision.TheprimarypurposeofaBYODpolicyistolowertheriskassociated
withconnectingawidearrayofpersonaldevicestoacompany’snetworkandaccessingsensitivedataonthem.Thisplacessecurity,intheformofriskmanagement,asacenterelementofaBYODpolicy.Devicesneedtobemaintainedinacurrent,up-to-datesoftwareposture,andwithcertainsecurityfeatures,suchasscreenlocksandpasswordsenabled.Remotewipeandotherfeaturesshouldbeenabled,andhighlysensitivedata,especiallyinaggregate,shouldnotbeallowedonthedevices.Usersshouldhavespecifictrainingastowhatisallowedandwhatisn’tandshouldbemadeawareoftheincreasedresponsibilityassociatedwithamobilemeansofaccessingcorporateresources.Insomecasesitmaybenecessarytodefineapolicyassociatedwith
personallyowneddevices.Thispolicywilldescribetherulesandregulationsassociatedwithuseofpersonallyowneddeviceswithrespecttocorporatedata,networkconnectivity,andsecurityrisks.
PrivacyPolicyCustomersplaceanenormousamountoftrustinorganizationstowhichtheyprovidepersonalinformation.Thesecustomersexpecttheirinformationtobekeptsecuresothatunauthorizedindividualswillnotgainaccesstoitandsothatauthorizeduserswillnotusetheinformationinunintendedways.Organizationsshouldhaveaprivacypolicythatexplainswhattheirguidingprincipleswillbeinguardingpersonaldatatowhichtheyaregivenaccess.Aspecialcategoryofprivateinformationthatisbecomingincreasingly
importanttodayispersonallyidentifiableinformation(PII).Thiscategoryofinformationincludesanydatathatcanbeusedtouniquelyidentifyanindividual.Thiswouldincludeanindividual’sname,address,driver’slicensenumber,andotherdetails.AnorganizationthatcollectsPIIonitsemployeesandcustomersmustmakesurethatittakesallnecessarymeasurestoprotectthedatafromcompromise.
CrossCheckPrivacyPrivacyisanimportantconsiderationintoday’scomputingenvironment.Assuch,ithasbeengivenitsownchapter,Chapter25.Additionaldetailsonprivacyissuescanbefoundthere.
TechTip
PrudentPersonPrincipleTheconceptsofduecareandduediligenceareconnected.Duecareaddresseswhethertheorganizationhasaminimalsetofpoliciesthatprovidesreasonableassuranceofsuccessinmaintainingsecurity.Duediligencerequiresthatmanagementactuallydosomethingtoensuresecurity,suchasimplementproceduresfortestingandreviewofauditrecords,internalsecuritycontrols,andpersonnelbehavior.Thestandardappliedisoneofa“prudentperson”;wouldaprudentpersonfindtheactionsappropriateandsincere?Toapplythisstandard,allonehastodoisaskthefollowingquestionfortheissueunderconsideration:“Whatwouldaprudentpersondotoprotectandensurethatthesecurityfeaturesandproceduresareworkingoradequate?”Failureofasecurityfeatureorproceduredoesn’tnecessarilymeanthepersonactedimprudently.
DueCareandDueDiligenceDuecareandduediligencearetermsusedinthelegalandbusinesscommunitytodefinereasonablebehavior.Basically,thelawrecognizestheresponsibilityofanindividualororganizationtoactreasonablyrelativetoanotherparty.IfpartyAallegesthattheactionsofpartyBhavecauseditlossorinjury,partyAmustprovethatpartyBfailedtoexerciseduecareorduediligenceandthatthisfailureresultedinthelossorinjury.Thesetermsoftenareusedsynonymously,butduecaregenerallyreferstothestandardofcareareasonablepersonisexpectedtoexerciseinallsituations,whereasduediligencegenerallyreferstothestandardofcareabusinessisexpectedtoexerciseinpreparationforabusinesstransaction.Anorganizationmusttakereasonableprecautionsbeforeenteringa
businesstransactionoritmightbefoundtohaveactedirresponsibly.Intermsofsecurity,organizationsareexpectedtotakereasonableprecautionstoprotecttheinformationthattheymaintainonindividuals.Shouldapersonsufferalossasaresultofnegligenceonthepartofanorganizationintermsofitssecurity,thatpersontypicallycanbringalegalsuitagainsttheorganization.Thestandardapplied—reasonableness—isextremelysubjectiveand
oftenisdeterminedbyajury.Theorganizationwillneedtoshowthatithadtakenreasonableprecautionstoprotecttheinformation,andthat,despitetheseprecautions,anunforeseensecurityeventoccurredthatcausedtheinjurytotheotherparty.Sincethisissosubjective,itishardtodescribewhatwouldbeconsideredreasonable,butmanysectorshaveasetof“securitybestpractices”fortheirindustry,whichprovidesabasisfororganizationsinthatsectortostartfrom.Iftheorganizationdecidesnottofollowanyofthebestpracticesacceptedbytheindustry,itneedstobepreparedtojustifyitsreasonsincourtshouldanincidentoccur.Ifthesectortheorganizationisinhasregulatoryrequirements,justifyingwhythemandatedsecuritypracticeswerenotfollowedwillbemuchmoredifficult(ifnotimpossible).
Duediligenceistheapplicationofaspecificstandardofcare.Duecareisthedegreeofcarethatanordinarypersonwouldexercise.
DueProcessDueprocessisconcernedwithguaranteeingfundamentalfairness,justice,andlibertyinrelationtoanindividual’slegalrights.IntheUnitedStates,dueprocessisconcernedwiththeguaranteeofanindividual’srightsasoutlinedbytheConstitutionandBillofRights.Proceduraldueprocessisbasedontheconceptofwhatis“fair.”Alsoofinterestistherecognitionbycourtsofaseriesofrightsthatarenotexplicitlyspecifiedbythe
ConstitutionbutthatthecourtshavedecidedareimplicitintheconceptsembodiedbytheConstitution.Anexampleofthisisanindividual’srighttoprivacy.Fromanorganization’spointofview,dueprocessmaycomeintoplayduringanadministrativeactionthatadverselyaffectsanemployee.Beforeanemployeeisterminated,forexample,werealloftheemployee’srightsprotected?Anactualexamplepertainstotherightsofprivacyregardingemployees’e-mailmessages.Asthenumberofcasesinvolvingemployersexaminingemployeee-mailsgrows,caselawcontinuestobeestablishedandthecourtseventuallywillsettleonwhatrightsanemployeecanexpect.ThebestthinganemployercandoiffacedwiththissortofsituationistoworkcloselywithHRstafftoensurethatappropriatepoliciesarefollowedandthatthosepoliciesareinkeepingwithcurrentlawsandregulations.
IncidentResponsePoliciesandProceduresNomatterhowcarefulanorganizationis,eventuallyasecurityincidentofsomesortwilloccur.Whenithappens,howeffectivelytheorganizationrespondstoitwilldependgreatlyonhowprepareditistohandleincidents.Anincidentresponsepolicyandassociatedproceduresshouldbedevelopedtooutlinehowtheorganizationwillprepareforsecurityincidentsandrespondtothemwhentheyoccur.Waitinguntilanincidenthappensisnottherighttimetoestablishyourpolicies—theyneedtobedesignedinadvance.Theincidentresponsepolicyshouldcoverfivephases:preparation,detection,containmentanderadication,recovery,andfollow-upactions.
CrossCheckIncidentResponseIncidentresponseiscoveredindetailinChapter22.Thissectionservesonlyasanintroductiontopolicyelementsassociatedwiththetopic.Forcompletedetailsonincidentresponse,pleaseexamineChapter22.
SecurityAwarenessandTrainingSecurityawarenessandtrainingprogramscanenhanceanorganization’ssecuritypostureintwodirectways.First,theyteachpersonnelhowtofollowthecorrectsetofactionstoperformtheirdutiesinasecuremanner.Second,theymakepersonnelawareoftheindicatorsandeffectsofsocialengineeringattacks.Therearemanytasksthatemployeesperformthatcanhaveinformation
securityramifications.Properlytrainedemployeesareabletoperformtheirdutiesinamoreeffectivemanner,includingtheirdutiesassociatedwithinformationsecurity.Theextentofinformationsecuritytrainingwillvarydependingontheorganization’senvironmentandthelevelofthreat,butinitialemployeesecuritytrainingatthetimeofbeinghiredisimportant,asisperiodicrefreshertraining.Astrongsecurityeducationandawarenesstrainingprogramcangoalongwaytowardreducingthechancethatasocialengineeringattackwillbesuccessful.Securityawarenessprogramsandcampaigns,whichmightincludeseminars,videos,posters,newsletters,andsimilarmaterials,arealsofairlyeasytoimplementandarenotverycostly.
SecurityPolicyTrainingandProceduresPersonnelcannotbeexpectedtoperformcomplextaskswithouttrainingwithrespecttothetasksandexpectations.Thisappliesbothtothesecuritypolicyandtooperationalsecuritydetails.Ifemployeesaregoingtobeexpectedtocomplywiththeorganization’ssecuritypolicy,theymustbeproperlytrainedinitspurpose,meaning,andobjectives.Trainingwithrespecttotheinformationsecuritypolicy,individualresponsibilities,andexpectationsissomethingthatrequiresperiodicreinforcementthroughrefreshertraining.Becausethesecuritypolicyisahigh-leveldirectivethatsetstheoverall
supportandexecutivedirectionwithrespecttosecurity,itisimportantthatthemeaningofthismessagebetranslatedandsupported.Second-level
policiessuchaspassword,access,informationhandling,andacceptableusepoliciesalsoneedtobecovered.Thecollectionofpoliciesshouldpaintapicturedescribingthedesiredsecuritycultureoftheorganization.Thetrainingshouldbedesignedtoensurethatpeopleseeandunderstandthewholepicture,notjusttheelements.
Role-basedTrainingFortrainingtobeeffective,itneedstobetargetedtotheuserwithregardtotheirroleinthesubjectofthetraining.Whileallemployeesmayneedgeneralsecurityawarenesstraining,theyalsoneedspecifictraininginareaswheretheyhaveindividualresponsibilities.Role-basedtrainingwithregardtoinformationsecurityresponsibilitiesisanimportantpartofinformationsecuritytraining.Ifapersonhasjobresponsibilitiesthatmayimpactinformationsecurity,
thenrole-specifictrainingisneededtoensurethattheindividualunderstandstheresponsibilitiesastheyrelatetoinformationsecurity.Someroles,suchassystemadministratorordeveloper,haveclearlydefinedinformationsecurityresponsibilities.Therolesofothers,suchasprojectmanagerorpurchasingmanager,haveinformationsecurityimpactsthatarelessobvious,buttheserolesrequiretrainingaswell.Infact,theless-obviousbutwider-impactrolesofmiddlemanagementcanhavealargeeffectontheinformationsecurityculture,andthusifaspecificoutcomeisdesired,itrequirestraining.Asinallpersonnel-relatedtraining,twoelementsneedattention.First,
retrainingovertimeisnecessarytoensurethatpersonnelkeepproperlevelsofknowledge.Second,aspeoplechangejobs,areassessmentoftherequiredtrainingbasisisneeded,andadditionaltrainingmayberequired.Maintainingaccuratetrainingrecordsofpersonnelistheonlywaythiscanbemanagedinanysignificantenterprise.
CompliancewithLaws,BestPractices,and
StandardsThereisawidearrayoflaws,regulations,contractualrequirements,standards,andbestpracticesassociatedwithinformationsecurity.Eachplacesitsownsetofrequirementsuponanorganizationanditspersonnel.Theonlyeffectivewayforanorganizationtoaddresstheserequirementsistobuildthemintotheirownpoliciesandprocedures.Trainingtoone’sownpoliciesandprocedureswouldthentranslateintocoverageoftheseexternalrequirements.Itisimportanttonotethatmanyoftheseexternalrequirementsimparta
specifictrainingandawarenesscomponentupontheorganization.OrganizationssubjecttotherequirementsofthePaymentCardIndustryDataSecurityStandard(PCIDSS),GrammLeachBlileyAct(GLBA),orHealthInsurancePortabilityAccountabilityAct(HIPAA)areamongthemanythatmustmaintainaspecificinformationsecuritytrainingprogram.Otherorganizationsshoulddosoasamatterofbestpractice.
UserHabitsIndividualuserresponsibilitiesvarybetweenorganizationsandthetypeofbusinesseachorganizationisinvolvedin,buttherearecertainverybasicresponsibilitiesthatallusersshouldbeinstructedtoadopt:
Lockthedoortoyourofficeorworkspace,includingdrawersandcabinets.
Donotleavesensitiveinformationinsideyourcarunprotected.
Securestoragemediacontainingsensitiveinformationinasecurestoragedevice.
Shredpapercontainingorganizationalinformationbeforediscardingit.
Donotdivulgesensitiveinformationtoindividuals(includingotheremployees)whodonothaveanauthorizedneedtoknowit.
Donotdiscusssensitiveinformationwithfamilymembers.(ThemostcommonviolationofthisruleoccursinregardtoHRinformation,asemployees,especiallysupervisors,maycomplaintotheirspouseorfriendsaboutotheremployeesoraboutproblemsthatareoccurringatwork.)
Protectlaptopsandothermobiledevicesthatcontainsensitiveorimportantorganizationinformationwhereverthedevicemaybestoredorleft.(It’sagoodideatoensurethatsensitiveinformationisencryptedonthelaptopormobiledevicesothat,shouldtheequipmentbelostorstolen,theinformationremainssafe.)
Beawareofwhoisaroundyouwhendiscussingsensitivecorporateinformation.Doeseverybodywithinearshothavetheneedtohearthisinformation?
Enforcecorporateaccesscontrolprocedures.Bealertto,anddonotallow,piggybacking,shouldersurfing,oraccesswithoutthepropercredentials.
Beawareofthecorrectprocedurestoreportsuspectedoractualviolationsofsecuritypolicies.
Followproceduresestablishedtoenforcegoodpasswordsecuritypractices.Passwordsaresuchacriticalelementthattheyarefrequentlytheultimatetargetofasocialengineeringattack.Thoughsuchpasswordproceduresmayseemtoooppressiveorstrict,theyareoftenthebestlineofdefense.
Userhabitsareafront-linesecuritytoolinengagingtheworkforcetoimprovetheoverallsecuritypostureofanorganization.
UserresponsibilitiesareeasytrainingtopicsaboutwhichtoaskquestionsontheCompTIASecurity+exam,socommittomemoryyourknowledgeofthepointslistedhere.
NewThreatsandSecurityTrends/AlertsAttheendoftheday,informationsecuritypracticesareaboutmanagingrisk,anditiswellknownthattheriskenvironmentisonemarkedbyconstantchange.Theever-evolvingthreatenvironmentfrequentlyencountersnewthreats,newsecurityissues,andnewformsofdefense.Trainingpeopletorecognizethenewthreatsnecessitatescontinualawarenessandtrainingrefresherevents.
NewVirusesNewformsofviruses,ormalware,arebeingcreatedeveryday.Someofthesenewformscanbehighlydestructiveandcostly,anditisincumbentuponalluserstobeonthelookoutforandtakeactionstoavoidexposure.Pooruserpracticesarecountedonbymalwareauthorstoassistinthespreadoftheirattacks.Onewayofexplainingproperactionstousersistouseananalogytocleanliness.Traininguserstopracticegoodhygieneintheiractionscangoalongwaytowardassistingtheenterpriseindefendingagainsttheseattackvectors.
PhishingAttacksThebestdefenseagainstphishingandothersocialengineeringattacksisaneducatedandawarebodyofemployees.Continualrefreshertrainingaboutthetopicofsocialengineeringandspecificsaboutcurrentattacktrendsareneededtokeepemployeesawareofandpreparedfornewtrendsinsocialengineeringattacks.Attackersrelyuponanuneducated,complacent,ordistractedworkforcetoenabletheirattackvector.Socialengineeringhasbecomethegatewayformanyofthemostdamagingattacksinplaytoday.SocialengineeringiscoveredextensivelyinChapter4.
SocialNetworkingandP2PWiththeriseinpopularityofpeer-to-peer(P2P)communicationsand
socialnetworkingsites—notablyFacebook,Twitter,andLinkedIn—manypeoplehavegottenintoahabitofsharingtoomuchinformation.Usingastatusof“ReturningfromsalescalltoXYZcompany”revealsinformationtopeoplewhohavenoneedtoknowthisinformation.Confusingsharingwithfriendsandsharingbusinessinformationwiththosewhodon’tneedtoknowisalinepeoplearecrossingonaregularbasis.Don’tbetheemployeewhomixesbusinessandpersonalinformationandreleasesinformationtopartieswhoshouldnothaveit,regardlessofhowinnocuousitmayseem.Usersneedtounderstandtheimportanceofnotusingcommonprograms
suchastorrentsandotherfilesharingintheworkplace,astheseprogramscanresultininfectionmechanismsanddata-losschannels.Theinformationsecuritytrainingandawarenessprogramshouldcovertheseissues.Iftheissuesareproperlyexplainedtoemployees,theirmotivationtocomplywon’tsimplybetoavoidadversepersonnelactionforviolatingapolicy;theywillwanttoassistinthesecurityoftheorganizationanditsmission.
TrainingMetricsandComplianceTrainingandawarenessprogramscanyieldmuchinthewayofaneducatedandknowledgeableworkforce.Manylaws,regulations,andbestpracticeshaverequirementsformaintainingatrainedworkforce.Havingarecord-keepingsystemtomeasurecompliancewithattendanceandtomeasuretheeffectivenessofthetrainingisanormalrequirement.Simplyconductingtrainingisnotsufficient.Followingupandgatheringtrainingmetricstovalidatecomplianceandsecuritypostureisanimportantaspectofsecuritytrainingmanagement.Anumberoffactorsdeserveattentionwhenmanagingsecuritytraining.
Becauseofthediversenatureofrole-basedrequirements,maintaininganactive,up-to-datelistingofindividualtrainingandretrainingrequirementsisonechallenge.Monitoringtheeffectivenessofthetrainingisyetanotherchallenge.Creatinganeffectivetrainingandawarenessprogramwhen
measuredbyactualimpactonemployeebehaviorisachallengingendeavor.Trainingneedstobecurrent,relevant,andinterestingtoengageemployeeattention.Simplerepetitionofthesametrainingmaterialhasnotproventobeeffective,soregularlyupdatingtheprogramisarequirementifitistoremaineffectiveovertime.
TechTip
SecurityTrainingRecordsRequirementsforbothperiodictrainingandretrainingdrivetheneedforgoodtrainingrecords.Maintainingproperinformationsecuritytrainingrecordsisarequirementofseverallawsandregulationsandshouldbeconsideredabestpractice.
InteroperabilityAgreementsManybusinessoperationsinvolveactionsbetweenmanydifferentparties—somewithinanorganization,andsomeindifferentorganizations.Theseactionsrequirecommunicationbetweentheparties,definingtheresponsibilitiesandexpectationsoftheparties,thebusinessobjectives,andtheenvironmentwithinwhichtheobjectiveswillbepursued.Toensureanagreementisunderstoodbetweentheparties,writtenagreementsareused.Numerousformsoflegalagreementsandcontractsareusedinbusiness,butwithrespecttosecurity,someofthemostcommononesaretheservicelevelagreement,businesspartnershipagreement,memorandumofunderstanding,andinterconnectionsecurityagreement.
ServiceLevelAgreementsServicelevelagreements(SLAs)arecontractualagreementsbetweenentitiesthatdescribespecifiedlevelsofservicethattheservicingentityagreestoguaranteeforthecustomer.SLAsessentiallysettherequisite
levelofperformanceofagivencontractualservice.SLAsaretypicallyincludedaspartofaservicecontractandsettheleveloftechnicalexpectations.AnSLAcandefinespecificservices,theperformancelevelassociatedwithaservice,issuemanagementandresolution,andsoon.SLAsarenegotiatedbetweencustomerandsupplierandrepresenttheagreed-uponterms.Anorganizationcontractingwithaserviceprovidershouldremembertoincludeintheagreementasectiondescribingtheserviceprovider’sresponsibilityintermsofbusinesscontinuityanddisasterrecovery.Theprovider’sbackupplansandprocessesforrestoringlostdatashouldalsobeclearlydescribed.Typically,agoodSLAwillsatisfytwosimplerules.First,itwill
describetheentiresetofproductorservicefunctionsinsufficientdetailthattheirrequirementwillbeunambiguous.Second,theSLAwillprovideaclearmeansofdeterminingwhetheraspecifiedfunctionorservicehasbeenprovidedattheagreed-uponlevelofperformance.
BusinessPartnershipAgreementAbusinesspartnershipagreement(BPA)isalegalagreementbetweenpartnersestablishingtheterms,conditions,andexpectationsoftherelationshipbetweenthepartners.Thesedetailscancoverawiderangeofissues,includingtypicalitemssuchasthesharingofprofitsandlosses,theresponsibilitiesofeachpartner,theadditionorremovalofpartners,andanyotherissues.TheUniformPartnershipAct(UPA),establishedbystatelawandconvention,laysoutauniformsetofrulesassociatedwithpartnershipstoresolveanypartnershipterms.ThetermsinaUPAaredesignedas“onesizefitsall”andarenottypicallyinthebestinterestofanyspecificpartnership.ToavoidundesiredoutcomesthatmayresultfromUPAterms,itisbestforpartnershipstospelloutspecificsinaBPA.
MemorandumofUnderstandingAmemorandumofunderstanding(MOU)isalegaldocumentusedto
describeabilateralagreementbetweenparties.Itisawrittenagreementexpressingasetofintendedactionsbetweenthepartieswithrespecttosomecommonpursuitorgoal.Itismoreformalanddetailedthanasimplehandshake,butitgenerallylacksthebindingpowersofacontract.ItisalsocommontofindMOUsbetweendifferentunitswithinanorganizationtodetailexpectationsassociatedwiththecommonbusinessinterest.
InterconnectionSecurityAgreementAninterconnectionsecurityagreement(ISA)isaspecializedagreementbetweenorganizationsthathaveinterconnectedITsystems,thepurposeofwhichistodocumentthesecurityrequirementsassociatedwiththeinterconnection.AnISAcanbeapartofanMOUdetailingthespecifictechnicalsecurityaspectsofadatainterconnection.
BesureyouunderstandthedifferencesbetweentheinteroperabilityagreementsSLA,BPA,MOU,andISA.Thedifferenceshingeuponthepurposeforeachdocument.
TheSecurityPerimeterThediscussiontothispointhasnotincludedanymentionofthespecifictechnologyusedtoenforceoperationalandorganizationalsecurityoradescriptionofthevariouscomponentsthatconstitutetheorganization’ssecurityperimeter.Iftheaverageadministratorwereaskedtodrawadiagramdepictingthevariouscomponentsoftheirnetwork,thediagramwouldprobablylooksomethinglikeFigure3.1.
•Figure3.1Basicdiagramofanorganization’snetwork
Thesecurityperimeter,withitsseverallayersofsecurity,alongwithadditionalsecuritymechanismsthatmaybeimplementedoneachsystem(suchasuserIDs/passwords),createswhatissometimesknownasdefense-in-depth.Thisimpliesthatsecurityisenhancedwhentherearemultiplelayersofsecurity(thedepth)throughwhichanattackerwouldhavetopenetratetoreachthedesiredgoal.
Thisdiagramincludesthemajorcomponentstypicallyfoundinanetwork.TheconnectiontotheInternetgenerallyhassomesortofprotectionattachedtoitsuchasafirewall.Anintrusiondetectionsystem(IDS),alsooftenpartofthesecurityperimeterfortheorganization,maybeeitherontheinsideortheoutsideofthefirewall,oritmayinfactbeonbothsides.Thespecificlocationdependsonthecompanyandwhatitis
moreconcernedaboutpreventing(thatis,insiderthreatsorexternalthreats).Theroutercanalsobethoughtofasasecuritydevice,asitcanbeusedtoenhancesecuritysuchasinthecaseofwirelessroutersthatcanbeusedtoenforceencryptionsettings.Beyondthissecurityperimeteristhecorporatenetwork.Figure3.1isobviouslyaverysimpledepiction—anactualnetworkcanhavenumeroussubnetsandextranetsaswellaswirelessaccesspoints—butthebasiccomponentsarepresent.Unfortunately,ifthiswerethediagramprovidedbytheadministratortoshowtheorganization’sbasicnetworkstructure,theadministratorwouldhavemissedaveryimportantcomponent.AmoreastuteadministratorwouldprovideadiagrammorelikeFigure3.2.
•Figure3.2Amorecompletediagramofanorganization’snetwork
Thisdiagramincludesotherpossibleaccesspointsintothenetwork,includingthepublicswitchedtelephonenetwork(PSTN)andwirelessaccesspoints.Theorganizationmayormaynothaveanyauthorizedmodemsorwirelessnetworks,butthesavvyadministratorwouldrealizethatthepotentialexistsforunauthorizedversionsofboth.Whenconsideringthepolicies,procedures,andguidelinesneededtoimplement
securityfortheorganization,bothnetworksneedtobeconsidered.AnotherdevelopmentthathasbroughtthetelephoneandcomputernetworkstogetheristheimplementationofvoiceoverIP(VoIP),whicheliminatesthetraditionallandlinesinanorganizationandreplacesthemwithspecialtelephonesthatconnecttotheIPdatanetwork.WhileFigure3.2providesamorecomprehensiveviewofthevarious
componentsthatneedtobeprotected,itisstillincomplete.Mostexpertswillagreethatthebiggestdangertoanyorganizationdoesnotcomefromexternalattacksbutratherfromtheinsider—adisgruntledemployeeorsomebodyelsewhohasphysicalaccesstothefacility.Givenphysicalaccesstoanoffice,theknowledgeableattackerwillquicklyfindtheinformationneededtogainaccesstotheorganization’scomputersystemsandnetwork.Consequently,everyorganizationalsoneedssecuritypolicies,procedures,andguidelinesthatcoverphysicalsecurity,andeverysecurityadministratorshouldbeconcernedwiththeseaswell.Whilephysicalsecurity(whichcanincludesuchthingsaslocks,cameras,guardsandentrypoints,alarmsystems,andphysicalbarriers)willprobablynotfallunderthepurviewofthesecurityadministrator,theoperationalstateoftheorganization’sphysicalsecuritymeasuresisjustasimportantasmanyoftheothernetwork-centricmeasures.
AnincreasingnumberoforganizationsareimplementingVoIPsolutionstobringthetelephoneandcomputernetworkstogether.Whiletherearesometremendousadvantagestodoingthisintermsofbothincreasedcapabilitiesandpotentialmonetarysavings,bringingthetwonetworkstogethermayalsointroduceadditionalsecurityconcerns.Anothercommonmethodtoaccessorganizationalnetworkstodayisthroughwirelessaccesspoints.Thesemaybeprovidedbytheorganizationitselftoenhanceproductivity,ortheymaybeattachedtothenetworkbyuserswithoutorganizationalapproval.Theimpactofalloftheseadditionalmethodsthatcanbeusedtoaccessanetworkistoincreasethecomplexityofthesecurityproblem.
PhysicalSecurity
Physicalsecurityconsistsofallmechanismsusedtoensurethatphysicalaccesstothecomputersystemsandnetworksisrestrictedtoonlyauthorizedusers.Additionalphysicalsecuritymechanismsmaybeusedtoprovideincreasedsecurityforespeciallysensitivesystemssuchasserversanddevicessuchasrouters,firewalls,andintrusiondetectionsystems.Whenconsideringphysicalsecurity,accessfromallsixsidesshouldbeconsidered—notonlyshouldthesecurityofobviouspointsofentrybeexamined,suchasdoorsandwindows,butthewallsthemselvesaswellasthefloorandceilingshouldalsobeconsidered.Questionssuchasthefollowingshouldbeaddressed:
Isthereafalseceilingwithtilesthatcanbeeasilyremoved?
Dothewallsextendtotheactualceilingoronlytoafalseceiling?
Istherearaisedfloor?
Dothewallsextendtotheactualfloor,ordotheystopataraisedfloor?
Howareimportantsystemssituated?
Dothemonitorsfaceawayfromwindows,orcouldtheactivityofsomebodyatasystembemonitored?
Whohasaccesstothefacility?
Whattypeofaccesscontrolisthere,andarethereanyguards?
Whoisallowedunsupervisedaccesstothefacility?
Isthereanalarmsystemorsecuritycamerathatcoversthearea?
Whatproceduresgovernthemonitoringofthealarmsystemorsecuritycameraandtheresponseshouldunauthorizedactivitybedetected?
Thesearejustsomeofthenumerousquestionsthatneedtobeaskedwhenexaminingthephysicalsecuritysurroundingasystem.
TechTip
PhysicalSecurityIsAlsoImportanttoComputerSecurityComputersecurityprofessionalsrecognizethattheycannotrelyonlyoncomputersecuritymechanismstokeeptheirsystemssafe.Physicalsecuritymustbemaintainedaswell,becauseinmanycases,ifanattackergainsphysicalaccess,hecanstealdataanddestroythesystem.
PhysicalAccessControlsThepurposeofphysicalaccesscontrolsisthesameasthatofcomputerandnetworkaccesscontrols—youwanttorestrictaccesstoonlythosewhoareauthorizedtohaveit.Physicalaccessisrestrictedbyrequiringtheindividualtosomehowauthenticatethattheyhavetherightorauthoritytohavethedesiredaccess.Asincomputerauthentication,accessinthephysicalworldcanbebasedonsomethingtheindividualhas,somethingtheyknow,orsomethingtheyare.Frequently,whendealingwiththephysicalworld,theterms“authentication”and“accesscontrol”areusedinterchangeably.Themostcommonphysicalaccesscontroldevice,whichhasbeen
aroundinsomeformforcenturies,isalock.Combinationlocksrepresentanaccesscontroldevicethatdependsonsomethingtheindividualknows(thecombination).Lockswithkeysdependonsomethingtheindividualhas(thekey).Eachofthesehascertainadvantagesanddisadvantages.Combinationsdon’trequireanyextrahardware,buttheymustberemembered(whichmeansindividualsmaywritethemdown—asecurityvulnerabilityinitself)andarehardtocontrol.Anybodywhoknowsthecombinationmayprovideittosomebodyelse.Keylocksaresimpleandeasytouse,butthekeymaybelost,whichmeansanotherkeyhastobemadeorthelockhastoberekeyed.Keysmayalsobecopied,andtheirdisseminationcanbehardtocontrol.Newerlocksreplacethetraditionalkeywithacardthatmustbepassedthroughareaderorplacedagainstit.Theindividualmayalsohavetoprovideapersonalaccesscode,thus
makingthisformofaccessbothasomething-you-knowandsomething-you-havemethod.
TechTip
PhysicalandInformationSecurityConvergenceInhigh-securitysites,physicalaccesscontrolsandelectronicaccesscontrolstoinformationareinterlocked.Thismeansthatbeforedatacanbeaccessedfromaparticularmachine,thephysicalaccesscontrolsystemmustagreewiththefindingthattheauthorizedpartyispresent.
Inadditiontolocksondoors,othercommonphysicalsecuritydevicesincludevideosurveillanceandevensimpleaccesscontrollogs(sign-inlogs).Whilesign-inlogsdon’tprovideanactualbarrier,theydoprovidearecordofaccessand,whenusedinconjunctionwithaguardwhoverifiesanindividual’sidentity,candissuadepotentialadversariesfromattemptingtogainaccesstoafacility.Asmentioned,anothercommonaccesscontrolmechanismisahumansecurityguard.Manyorganizationsemployaguardtoprovideanextralevelofexaminationofindividualswhowanttogainaccesstoafacility.Otherdevicesarelimitedtotheirdesignedfunction.Ahumanguardcanapplycommonsensetosituationsthatmighthavebeenunexpected.Havingsecurityguardsalsoaddressesthecommonpracticeofpiggybacking(akatailgating),whereanindividualfollowsanotherpersoncloselytoavoidhavingtogothroughtheaccesscontrolprocedures.
BiometricsAccesscontrolsthatutilizesomethingyouknow(forexample,combinations)orsomethingyouhave(suchaskeys)arenottheonlymethodstolimitfacilityaccesstoauthorizedindividuals.Athirdapproachistoutilizesomethinguniqueabouttheindividual—theirfingerprints,forexample—toidentifythem.Unliketheothertwomethods,thesomething-you-aremethod,knownasbiometrics,doesnotrelyontheindividualto
eitherremembersomethingortohavesomethingintheirpossession.Biometricsisamoresophisticatedaccesscontrolapproachandcanbemoreexpensive.Biometricsalsosufferfromfalsepositivesandfalsenegatives,makingthemlessthan100percenteffective.Forthisreasontheyarefrequentlyusedinconjunctionwithanotherformofauthentication.Theadvantageistheuseralwayshasthem(cannotleaveathomeorshare)andtheytendtohavebetterentropythanpasswords.Othermethodstoaccomplishbiometricsincludehandwritinganalysis,retinalscans,irisscans,voiceprints,handgeometry,andfacialgeometry.
Therearemanysimilaritiesbetweenauthenticationandaccesscontrolsincomputersandinthephysicalworld.Rememberthethreecommontechniquesforverifyingaperson’sidentityandaccessprivileges:somethingyouknow,somethingyouhave,andsomethingaboutyou.
Bothaccesstocomputersystemsandnetworksandphysicalaccesstorestrictedareascanbecontrolledwithbiometrics.However,biometricmethodsforcontrollingphysicalaccessaregenerallynotthesameasthoseemployedforrestrictingaccesstocomputersystemsandnetworks.Handgeometry,forexample,requiresafairlylargedevice.Thiscaneasilybeplacedoutsideofadoortocontrolaccesstotheroombutwouldnotbeasconvenienttocontrolaccesstoacomputersystem,sinceareaderwouldneedtobeplacedwitheachcomputeroratleastwithgroupsofcomputers.Inamobileenvironmentwherelaptopsarebeingused,adevicesuchasahandgeometryreaderwouldbeunrealistic.
TechTip
BiometricDevicesOnceonlyseeninspyorsciencefictionmovies,biometricssuchashandandfingerprintreaders,eye-scanningtechnology,andvoiceprintdevicesarenowbecomingmorecommonintherealworld.Theaccuracyofthesedeviceshasimprovedandthecostshavedropped,
makingthemrealisticsolutionstomanyaccesscontrolsituations.
PhysicalBarriersAnevenmorecommonsecurityfeaturethanlocksisaphysicalbarrier.Physicalbarriershelpimplementthephysical-worldequivalentoflayeredsecurity.Theoutermostlayerofphysicalsecurityshouldcontainthemorepubliclyvisibleactivities.Aguardatagateinafence,forexample,wouldbevisiblebyallwhohappentopassby.Asyouprogressthroughthelayers,thebarriersandsecuritymechanismsshouldbecomelesspubliclyvisibletomakedeterminingwhatmechanismsareinplacemoredifficultforobservers.Signsarealsoanimportantelementinsecurity,astheyannouncetothepublicwhichareasarepublicandwhichareprivate.Amantrapcanalsobeusedinthislayeredapproach.Itgenerallyconsistsofasmallspacethatislargeenoughforonlyonepersonatatime,withtwolockingdoors.Anindividualhastoenterthefirstdoor,closethefirstdoor,thenattempttoopentheseconddoor.Ifunsuccessful,perhapsbecausetheydonothavetheproperaccesscode,thepersoncanbecaughtinsidethissmalllocationuntilsecuritypersonnelshowup.Inadditiontowallsandfences,openspacecanalsoserveasabarrier.
Whilethismayatfirstseemtobeanoddstatement,considertheuseoflargeareasofopenspacearoundafacility.Foranintrudertocrossthisopenspacetakestime—timeinwhichtheyarevulnerableandtheirpresencemaybediscovered.Intoday’senvironmentinwhichterroristattackshavebecomemorecommon,additionalprecautionsshouldbetakenforareasthatmaybeconsideredapossibletargetforterroristactivity.Inadditiontoopenspace,whichisnecessarytolessentheeffectofexplosions,concretebarriersthatstopvehiclesfromgettingtooclosetofacilitiesshouldalsobeused.Itisnotnecessaryforthesetobeunsightlyconcretewalls;manyfacilitieshaveplacedlarge,roundconcretecircles,filledthemwithdirt,andthenplantedflowersandotherplantstoconstructalarge,immovableplanter.
TechTip
SignsSignscanbeaneffectivecontrol,warningunauthorizedpersonnelnottoenter,locatingcriticalelementsforfirstresponders,andprovidingpathstoexitsinemergencies.Propersignageisanimportantaspectofphysicalsecuritycontrols.
EnvironmentalIssuesEnvironmentalissuesmaynotatfirstseemtoberelatedtosecurity,butwhenconsideringtheavailabilityofacomputersystemornetwork,theymustbetakenintoconsideration.Environmentalissuesincludeitemssuchasheating,ventilation,andairconditioning(HVAC)systems,electricalpower,andthe“environmentsofnature.”HVACsystemsareusedtomaintainthecomfortofanofficeenvironment.Afewyearsback,theywerealsocriticalforthesmoothoperationofcomputersystemsthathadlowtolerancesforhumidityandheat.Today’sdesktopsystemsaremuchmoretolerant,andthelimitingfactorisnowoftenthehumanuser.TheexceptiontothisHVAClimitationiswhenlargequantitiesofequipmentareco-located,inserverroomsandnetworkequipmentclosets.Intheseheat-denseareas,HVACisneededtokeepequipmenttemperatureswithinreasonableranges.OftencertainsecuritydevicessuchasfirewallsandintrusiondetectionsystemsarelocatedinthesesameequipmentclosetsandthelossofHVACsystemscancausethesecriticalsystemstofail.OneinterestingaspectofHVACsystemsisthattheythemselvesareoftencomputercontrolledandfrequentlyprovideremoteaccessviatelephoneornetworkconnections.Theseconnectionsshouldbeprotectedinasimilarmannertocomputermodems,orelseattackersmaylocatethemandchangetheHVACsettingsforanofficeorbuilding.
HVACsystemsforserverroomsandnetworkequipmentclosetsareimportantbecausethedenseequipmentenvironmentcangeneratesignificantamountsofheat.HVACoutagescanresultintemperaturesthatareoutsideequipmentoperatingranges,forcingshutdowns.
Electricalpowerisobviouslyanessentialrequirementforcomputersystemsandnetworks.Electricalpowerissubjecttomomentarysurgesanddisruption.Surgeprotectorsareneededtoprotectsensitiveelectronicequipmentfromfluctuationsinvoltage.Anuninterruptiblepowersupply(UPS)shouldbeconsideredforcriticalsystemssothatalossofpowerwillnothaltprocessing.ThesizeofthebatteriesassociatedwithaUPSwilldeterminetheamountoftimethatitcanoperatebeforeittoolosespower.Manysitesensuresufficientpowertoprovideadministratorstheopportunitytocleanlybringthesystemornetworkdown.Forinstallationsthatrequirecontinuousoperations,evenintheeventofapoweroutage,electricgeneratorsthatautomaticallystartwhenalossofpowerisdetectedcanbeinstalled.Thesesystemsmaytakeafewsecondstostartbeforetheyreachfulloperation,soaUPSshouldalsobeconsideredtosmooththetransitionbetweennormalandbackuppower.
FireSuppressionFiresareacommondisasterthatcanaffectorganizationsandtheircomputingequipment.Firedetectionandfiresuppressiondevicesaretwoapproachestoaddressingthisthreat.Detectorscanbeusefulbecausesomemaybeabletodetectafireinitsveryearlystagesbeforeafiresuppressionsystemisactivated,andtheycanpotentiallysoundawarning.Thiswarningcouldprovideemployeeswiththeopportunitytodealwiththefirebeforeitbecomesseriousenoughforthefiresuppressionequipmenttokickin.Suppressionsystemscomeinseveralvarieties,includingsprinkler-basedsystemsandgas-basedsystems.Standardsprinkler-basedsystemsarenotoptimalfordatacentersbecausewaterwill
ruinlargeelectricalinfrastructuresandmostintegratedcircuit–baseddevices—suchascomputers.Gas-basedsystemsareagoodalternative,thoughtheyalsocarryspecialconcerns.MoreextensivecoverageoffiredetectionandsuppressionisprovidedinChapter8.
WirelessWhensomeonetalksaboutwirelesscommunication,theygenerallyarereferringtocellulartelephones(“cellphones”).Thesedeviceshavebecomeubiquitousintoday’smodernofficeenvironment.Acellphonenetworkconsistsofthephonesthemselves,thecellswiththeiraccompanyingbasestationsthattheyareusedin,andthehardwareandsoftwarethatallowthemtocommunicate.Thebasestationsaremadeupofantennas,receivers,transmitters,andamplifiers.Thebasestationscommunicatewiththosecellphonesthatarecurrentlyinthegeographicalareathatisservicedbythatstation.Asapersontravelsacrosstown,theymayexitandentermultiplecells.Thestationsmustconductahandofftoensurecontinuousoperationforthecellphone.Astheindividualmovestowardtheedgeofacell,amobileswitchingcenternoticesthepowerofthesignalbeginningtodrop,checkswhetheranothercellhasastrongersignalforthephone(cellsfrequentlyoverlap),and,ifso,switchesoperationtothisnewcellandbasestation.Allofthisisdonewithouttheusereverknowingthattheyhavemovedfromonecelltoanother.Wirelesstechnologycanalsobeusedfornetworking.Therearetwo
mainstandardsforwirelessnetworktechnology.Bluetoothisdesignedasashort-range(approximatelytenmeters)personalareanetwork(PAN)cable-replacementtechnologythatcanbebuiltintoavarietyofdevices,suchasmobilephones,tablets,andlaptopcomputers.Theideaistocreatelow-costwirelesstechnologysothatmanydifferentdevicescancommunicatewitheachother.Bluetoothisalsointerestingbecause,unlikeotherwirelesstechnology,itisdesignedsothatdevicescantalkdirectlywitheachotherwithouthavingtogothroughacentraldevice(suchasthebasestationdescribedpreviously).Thisisknownaspeer-to-peer
communication.
TechTip
WirelessNetworkSecurityIssuesDuetoanumberofadvantages,suchastheabilitytotakeyourlaptopwithyouasyoumovearoundyourbuildingandstillstayconnected,wirelessnetworkshavegrowninpopularity.Theyalsoeliminatetheneedtostringnetworkcablesallovertheoffice.Atthesametime,however,theycanbeasecuritynightmareifnotadequatelyprotected.Thesignalforyournetworkdoesn’tstopatyourofficedoororwalljustbecauseitisthere.Itwillcontinuepropagatingtoareasthatmaybeopentoanybody.Thisprovidestheopportunityforotherstoaccessyournetwork.Toavoidthis,youmusttakestepssuchasencryptingtransmissionssothatyourwirelessnetworkdoesn’tbecometheweaklinkinyoursecuritychain.
TheothermajorwirelessstandardistheIEEE802.11setofstandards,whichiswellsuitedforthelocalareanetwork(LAN)environment.802.11networkscanoperateeitherinanadhocpeer-to-peerfashionorininfrastructuremode,whichismorecommon.Ininfrastructuremode,computerswith802.11networkcardscommunicatewithawirelessaccesspoint.Thisaccesspointconnectstothenetworksothatthecomputerscommunicatingwithitareessentiallyalsoconnectedtothenetwork.Whilewirelessnetworksareveryusefulintoday’smodernoffice(and
home),theyarenotwithouttheirsecurityproblems.Accesspointsaregenerallyplacedthroughoutabuildingsothatallemployeescanaccessthecorporatenetwork.Thetransmissionandreceptionareascoveredbyaccesspointsarenoteasilycontrolled.Consequently,manypubliclyaccessibleareasmightfallintotherangeofoneoftheorganization’saccesspoints,oritsBluetooth-enabledsystems,andthusthecorporatenetworkmaybecomevulnerabletoattack.Wirelessnetworksaredesignedtoincorporatesomesecuritymeasures,butalltoooftenthenetworksaresetupwithoutsecurityenabled,andserioussecurityflawsexistinthe802.11design.
CrossCheckWirelessNetworksWirelessnetworksecurityisdiscussedinthischapterinrelationshiptophysicalissuessuchastheplacementofwirelessaccesspoints.Thereare,however,numerousotherissueswithwirelesssecurity,whicharediscussedinChapter12.Makesuretounderstandhowthephysicallocationofwirelessaccesspointsaffectstheotherwirelesssecurityissues.
ElectromagneticEavesdroppingIn1985,apaperbyWimvanEckoftheNetherlandsdescribedwhatbecameknownasthevanEckphenomenon.InthepapervanEckdescribedhoweavesdroppingonwhatwasbeingdisplayedonmonitorscouldbeaccomplishedbypickingupandthendecodingtheelectromagneticinterferenceproducedbythemonitors.Withtheappropriateequipment,theexactimageofwhatisbeingdisplayedcanbere-createdsomedistanceaway.Whiletheoriginalpaperdiscussedemanationsastheyappliedtovideodisplayunits(monitors),thesamephenomenonappliestootherdevicessuchasprintersandcomputers.Thisphenomenonhadactuallybeenknownaboutforquitesometime
beforevanEckpublishedhispaper.TheU.S.DepartmentofDefenseusedthetermTEMPEST(referredtobysomeastheTransientElectroMagneticPulseEmanationSTandard)todescribebothaprograminthemilitarytocontroltheseelectronicemanationsfromelectricalequipmentandtheactualprocessforcontrollingtheemanations.Therearethreebasicwaystopreventtheseemanationsfrombeingpickedupbyanattacker:
Puttheequipmentbeyondthepointthattheemanationscanbepickedup.
Provideshieldingfortheequipmentitself.
Provideashieldedenclosure(suchasaroom)toputtheequipmentin.
Oneofthesimplestwaystoprotectagainstequipmentbeingmonitoredinthisfashionistoputenoughdistancebetweenthetargetandtheattacker.Theemanationscanbepickedupfromonlyalimiteddistance.Ifthephysicalsecurityforthefacilityissufficienttoputenoughspacebetweentheequipmentandpubliclyaccessibleareasthatthesignalscannotbepickedup,thentheorganizationdoesn’thavetotakeanyadditionalmeasurestoensuresecurity.Distanceisnottheonlywaytoprotectagainsteavesdroppingon
electronicemanations.Devicescanbeshieldedsotheiremanationsareblocked.Acquiringenoughpropertytoprovidethenecessarydistanceneededtoprotectagainstaneavesdroppermaybepossibleifthefacilityisinthecountrywithlotsofavailablelandsurroundingit.Indeed,forsmallerorganizationsthatoccupyonlyafewofficesorfloorsinalargeofficebuilding,itwouldbeimpossibletoacquireenoughspace.Inthiscase,theorganizationmayresorttopurchasingshieldedequipment.A“TEMPESTapproved”computerwillcostsignificantlymorethanwhatanormalcomputerwouldcost.Shieldingaroom(inwhatisknownasaFaradaycage)isalsoanextremelyexpensiveendeavor.
Oneofthechallengesinsecurityisdetermininghowmuchtospendonsecuritywithoutspendingtoomuch.Securityspendingshouldbebasedonlikelythreatstoyoursystemsandnetwork.Whileelectronicemanationscanbemonitored,thelikelihoodofthistakingplaceinmostsituationsisremote,whichmakesspendingonitemstoprotectagainstitatbestalowpriority.
Anaturalquestiontoaskis,howprevalentisthisformofattack?Theequipmentneededtoperformelectromagneticeavesdroppingisnotreadilyavailable,butitwouldnotcostaninordinateamountofmoneytoproduceit.Thecostcouldcertainlybeaffordedbyanylargecorporation,andindustrialespionageusingsuchadeviceisapossibility.Whiletherearenopublicrecordsofthissortofactivitybeingconducted,itisreasonabletoassumethatitdoestakeplaceinlargecorporationsandthegovernment,especiallyinforeigncountries.
ModernEavesdroppingNotjustelectromagneticinformationcanbeusedtocarryinformationoutofasystemtoanadversary.Recentadvanceshavedemonstratedthefeasibilityofusingthewebcamsandmicrophonesonsystemstospyonusers,recordingkeystrokesandotheractivities.Thereareevendevicesbuilttointerceptthewirelesssignalsbetweenwirelesskeyboardsandmiceandtransmitthemoveranotherchanneltoanadversary.USB-basedkeyloggerscanbeplacedinthebackofmachines,asinmanycasesthebackofamachineisunguardedorfacingthepublic(watchforthisthenexttimeyouseeareceptionist’smachine).
Chapter3Review
ChapterSummaryAfterreadingthischapterandcompletingtheexercises,youshouldunderstandthefollowingregardingoperationalandorganizationalsecurity.
Identifyvariousoperationalaspectstosecurityinyourorganization
Preventiontechnologiesaredesignedtokeepindividualsfrombeingabletogainaccesstosystemsordatatheyarenotauthorizedtouse.
Previouslyinoperationalenvironments,preventionwasextremelydifficultandrelyingonpreventiontechnologiesalonewasnotsufficient.Thisledtotheriseoftechnologiestodetectandrespondtoeventsthatoccurwhenpreventionfails.
Animportantpartofanyorganization’sapproachtoimplementingsecurityistoestablishpolicies,procedures,standards,andguidelinestodetailwhatusersandadministratorsshouldbedoingtomaintainthe
securityofthesystemsandnetwork.
Identifyvariouspoliciesandproceduresinyourorganization
Policies,procedures,standards,andguidelinesareimportantinestablishingasecurityprogramwithinanorganization.
Thesecuritypolicyandsupportingpoliciesplayanimportantroleinestablishingandmanagingsystemrisk.
PoliciesandproceduresassociatedwithHumanResourcesfunctionalityincludejobrotation,mandatoryvacations,andhiringandterminationpolicies.
Identifythesecurityawarenessandtrainingneedsofanorganization
Securitytrainingandawarenesseffortsarevitalinengagingtheworkforcetoactwithinthedesiredrangeofconductwithrespecttosecurity.
Securityawarenessandtrainingisimportantinachievingcomplianceobjectives.
Securityawarenessandtrainingshouldbemeasuredandmanagedaspartofacomprehensivesecurityprogram.
Understandthedifferenttypesofagreementsemployedinnegotiatingsecurityrequirements
Thedifferentinteroperabilityagreements,includingSLA,BPA,MOUandISA,areusedtoestablishsecurityexpectationsbetweenvariousparties.
Describethephysicalsecuritycomponentsthatcanprotectyourcomputersandnetwork
Physicalsecurityconsistsofallmechanismsusedtoensurethatphysicalaccesstothecomputersystemsandnetworksisrestrictedto
onlyauthorizedusers.
Thepurposeofphysicalaccesscontrolsisthesameasthatofcomputerandnetworkaccesscontrols—torestrictaccesstoonlythosewhoareauthorizedtohaveit.
Thecarefulplacementofequipmentcanprovidesecurityforknownsecurityproblemsexhibitedbywirelessdevicesandthatariseduetoelectronicemanations.
Identifyenvironmentalfactorsthatcanaffectsecurity
Environmentalissuesareimportanttosecuritybecausetheycanaffecttheavailabilityofacomputersystemornetwork.
LossofHVACsystemscanleadtooverheatingproblemsthatcanaffectelectronicequipment,includingsecurity-relateddevices.
Thefrequencyofnaturaldisastersisacontributingfactorthatmustbeconsideredwhenmakingcontingencyprocessingplansforaninstallation.
Firesareacommonproblemfororganizations.Twogeneralapproachestoaddressingthisproblemarefiredetectionandfiresuppression.
Identifyfactorsthataffectthesecurityofthegrowingnumberofwirelesstechnologiesusedfordatatransmission
Wirelessnetworkshavemanysecurityissues,includingthetransmissionandreceptionareascoveredbyaccesspoints,whicharenoteasilycontrolledandcanthusprovideeasynetworkaccessforintruders.
Preventdisclosurethroughelectronicemanations
Withtheappropriateequipment,theexactimageofwhatisbeingdisplayedonacomputermonitorcanbere-createdsomedistance
away,allowingeavesdropperstoviewwhatyouaredoing.
Providingalotofdistancebetweenthesystemyouwishtoprotectandtheclosestplaceaneavesdroppercouldbeisonewaytoprotectagainsteavesdroppingonelectronicemanations.Devicescanalsobeshieldedsothattheiremanationsareblocked.
KeyTermsacceptableusepolicy(AUP)(50)biometrics(62)Bluetooth(65)businesspartnershipagreement(BPA)(59)duecare(53)duediligence(53)guidelines(43)heating,ventilation,andairconditioning(HVAC)(63)IEEE802.11(65)incidentresponsepolicy(54)interconnectionsecurityagreement(ISA)(59)memorandumofunderstanding(MOU)(59)physicalsecurity(61)policies(43)procedures(43)securitypolicy(44)servicelevelagreement(SLA)(59)standards(43)TEMPEST(66)uninterruptiblepowersupply(UPS)(64)userhabits(57)
KeyTermsQuizUsetermsfromtheKeyTermslisttocompletethesentencesthatfollow.Don’tusethesametermmorethanonce.Notalltermswillbeused.
1._______________arehigh-levelstatementsmadebymanagementthatlayouttheorganization’spositiononsomeissue.
2.Thecollectivetermusedtorefertothesystemsthatareusedtomaintainthecomfortofanofficeenvironmentandthatareoftencontrolledbycomputersystemsis_______________.
3.A(n)_______________isadevicedesignedtoprovidepowertoessentialequipmentforaperiodoftimewhennormalpowerislost.
4._______________areafoundationalsecuritytoolinengagingtheworkforcetoimprovetheoverallsecuritypostureofanorganization.
5._______________areacceptedspecificationsprovidingspecificdetailsonhowapolicyistobeenforced.
6._______________isawirelesstechnologydesignedasashort-range(approximatelytenmeters)personalareanetwork(PAN)cable-replacementtechnologythatmaybebuiltintoavarietyofdevicessuchasmobilephones,tablets,andlaptopcomputers.
7.A(n)_______________isalegaldocumentusedtodescribeabilateralagreementbetweenparties.
8._______________arestep-by-stepinstructionsthatdescribeexactlyhowemployeesareexpectedtoactinagivensituationortoaccomplishaspecifictask.
9.ThesetofstandardsforwirelessnetworksthatiswellsuitedfortheLANenvironmentandwhosenormalmodeistohavecomputerswithnetworkcardscommunicatingwithawirelessaccesspointis_______________.
10.A(n)_______________isalegalagreementbetweenorganizationsestablishingtheterms,conditions,andexpectationsoftherelationshipbetweenthem.
Multiple-ChoiceQuiz1.Whichofthefollowingisaphysicalsecuritythreat?
A.Cleaningcrewsareallowedunsupervisedaccessbecausetheyhaveacontract.
B.Employeesundergobackgroundcriminalchecksbeforebeinghired.
C.Alldataisencryptedbeforebeingbackedup.
D.Alltheabove.
2.Thebenefitoffiredetectionequipmentoverfiresuppressiondevicesis:
A.Firedetectionequipmentisregulated,whereasfiresuppressionequipmentisnot.
B.Firedetectionequipmentwilloftencatchfiresatamuchearlierstage,meaningthatthefirecanbeaddressedbeforesignificantdamagecanoccur.
C.Firedetectionequipmentismuchmorereliablethanfiresuppressionequipment.
D.Thereisnoadvantageoffiredetectionoverfiresuppressionotherthanthecostoffiredetectionequipmentismuchlessthanthecostoffiresuppressionequipment.
3.Whichofthefollowingisacontractualagreementbetweenentitiesthatdescribesspecifiedlevelsofservicethattheservicingentityagreestoguaranteeforthecustomer?
A.Servicelevelagreement
B.Supportlevelagreement
C.Memorandumofunderstanding
D.Businessserviceagreement
4.Duringwhichstepofthepolicylifecycledoestrainingofuserstakeplace?
A.Planforsecurity.
B.Implementtheplans.
C.Monitortheimplementation.
D.Evaluateforeffectiveness.
5.Biometricaccesscontrolsaretypicallyusedinconjunctionwithanotherformofaccesscontrolbecause:
A.Biometricsarestillexpensive.
B.Biometricscannotbecopied.
C.Biometricsarenotalwaysconvenienttouse.
D.Biometricsarenot100percentaccurate,havingsomelevelofmisidentifications.
6.Procedurescanbedescribedas:A.High-level,broadstatementsofwhattheorganizationwantsto
accomplish
B.Step-by-stepinstructionsonhowtoimplementthepolicies
C.Mandatoryelementsregardingtheimplementationofapolicy
D.Recommendationsrelatingtoapolicy
7.Whattechniquecanbeusedtoprotectagainstelectromagnetic
eavesdropping(knownasthevanEckphenomenon)?
A.Providesufficientdistancebetweenthepotentialtargetandthenearestlocationanattackercouldbe.
B.Puttheequipmentthatyouaretryingtoprotectinsideashieldedroom.
C.Purchase“TEMPESTapproved”equipment.
D.Alloftheabove.
8.Keyuserhabitsthatcanimprovesecurityeffortsinclude:A.Donotdiscussbusinessissuesoutsideoftheoffice.
B.Neverleavelaptopsortabletsinsideyourcarunattended.
C.Bealertofpeopleviolatingphysicalaccessrules(piggybackingthroughdoors).
D.ItemsBandC.
9.Whenshouldahumansecurityguardbeusedforphysicalaccesscontrol?
A.Whenotherelectronicaccesscontrolmechanismswillnotbeacceptedbyemployees
B.Whennecessarytoavoidissuessuchaspiggybacking,whichcanoccurwithelectronicaccesscontrols
C.Whenotheraccesscontrolsaretooexpensivetoimplement
D.Whentheorganizationwantstoenhanceitsimage
10.Whatdeviceshouldbeusedbyorganizationstoprotectsensitiveequipmentfromfluctuationsinvoltage?
A.Asurgeprotector
B.Anuninterruptiblepowersupply
C.Abackuppowergenerator
D.Aredundantarrayofinlinebatteries(RAIB)
EssayQuiz1.Describethedifferencebetweenfiresuppressionandfiredetection
systems.
2.Discusswhyphysicalsecurityisalsoimportanttocomputersecurityprofessionals.
3.WhyshouldwebeconcernedaboutHVACsystemswhendiscussingsecurity?
4.Outlinethevariouscomponentsthatmakeup(orshouldmakeup)anorganization’ssecurityperimeter.Whichofthesecanbefoundinyourorganization(orschool)?
LabProjects
•LabProject3.1Takeatourofyourbuildingoncampusoratwork.Whatissecuredatnightwhenworkersareabsent?Recordthelocationandtypeofphysicalaccesscontroldevices.Howdotheseaccesscontrolschangeatnightwhenworkersareabsent?Howwelltraineddoguardsandotheremployeesappeartobe?Dotheyallow“piggybacking”(somebodyslippingintoafacilitybehindanauthorizedindividualwithoutbeingchallenged)?Whatarethepoliciesforvisitorsandcontractors?Howdoesthisallimpactphysicalsecurity?
•LabProject3.2Describethefourstepsofthepolicylifecycle.Obtainapolicyfromyourorganization(suchasanacceptableusepolicyorInternetusagepolicy).Howareusersinformedofthispolicy?Howoftenisitreviewed?Howwouldchangestoitbesuggestedandwhowouldmakedecisionsonwhetherthechangeswereaccepted?
chapter4 TheRoleofPeopleinSecurity
Youarethewayyouarebecausethat’sthewayyouwanttobe.Ifyoureallywantedtobeanydifferent,youwouldbeintheprocessofchangingrightnow.
T
—FREDSMITH
Inthischapter,youwilllearnhowto
Definebasicterminologyassociatedwithsocialengineering
Describestepsorganizationscantaketoimprovetheirsecurity
Describecommonuseractionsthatmayputanorganization’sinformationatrisk
Recognizemethodsattackersmayusetogaininformationaboutanorganization
Determinewaysinwhichuserscanaidinsteadofdetractfromsecurity
Recognizetheroletrainingandawarenessplaysinassistingthepeoplesideofsecurity
heoperationalmodelofcomputersecuritydiscussedinthepreviouschapteracknowledgesthatabsoluteprotectionofcomputersystemsandnetworksisnotpossibleandthatweneedtobepreparedtodetect
andrespondtoattacksthatareabletocircumventoursecuritymechanisms.Anotherverybasicfactthatshouldberecognizedisthattechnologyalonewillnotsolvethesecurityproblem.Nomatterhowadvancedthetechnologyis,itwillultimatelybedeployedinanenvironmentwherehumansexist.Itisthehumanelementthatposesthebiggestsecuritychallenge.Itishardtocompensateforallofthepossiblewaysthathumanscandeliberatelyoraccidentallycausesecurityproblemsorcircumventoursecuritymechanisms.Despiteallofthetechnology,despiteallofthesecurityprocedureswehaveinplace,anddespiteallofthesecuritytrainingwemayprovide,somebodywillinvariablyfailtodowhattheyaresupposedtodo,ordosomethingtheyarenotsupposedtodo,andcreateavulnerabilityintheorganization’ssecurityposture.Thischapterdiscussesthehumanelementandtherolethatpeopleplayinsecurity—boththeuserpracticesthatcanaidinsecuringanorganizationandthevulnerabilitiesorholesinsecuritythatuserscanintroduce.
People—ASecurityProblem
Theoperationalmodelofcomputersecurityacknowledgesthatpreventiontechnologiesarenotsufficienttoprotectourcomputersystemsandnetworks.Thereareanumberofexplanationsforwhythisistrue,someofthemtechnical,butoneofthebiggestreasonsthatpreventiontechnologiesarenotsufficientisthateverynetworkandcomputersystemhasatleastonehumanuser,andhumansarepronetomakemistakesandareofteneasilymisledorfooled.
SocialEngineeringSocialengineering,ifyourecallfromChapter2,istheprocessofconvincinganauthorizedindividualtoprovideconfidentialinformationoraccesstoanunauthorizedindividual.Itisatechniqueinwhichtheattackerusesvariousdeceptivepracticestoconvincethetargetedpersontodivulgeinformationtheynormallywouldnotdivulgeortoconvincethetargetoftheattacktodosomethingtheynormallywouldn’tdo.Socialengineeringisverysuccessfulfortwogeneralreasons.Thefirstisthebasicdesireofmostpeopletobehelpful.Whensomebodyasksaquestionforwhichweknowtheanswer,ournormalresponseisnottobesuspiciousbutrathertoanswerthequestion.Theproblemwiththisisthatseeminglyinnocuousinformationcanbeusedeitherdirectlyinanattackorindirectlytobuildabiggerpicturethatanattackercanusetocreateanauraofauthenticityduringanattack—themoreinformationanindividualhasaboutanorganization,theeasieritwillbetoconvinceothersthatheispartoftheorganizationandhasarighttoevensensitiveinformation.Anattackerwhoisattemptingtoexploitthenaturaltendencyofpeopletobehelpfulmaytakeoneofseveralapproaches:
TechTip
SocialEngineeringWorks!Skilledsocialengineerssetupscenarioswherethevictimisboxedinbyvarioussocial/work
issuesandthenmakesanexceptionthatenablesthesocialengineertogainsomeformofaccess.Theattackercanpretendtobeanimportantpartyandintimidatealower-levelemployee,orcreateasenseofemergency,scarcity,orurgencythatmovesthevictimtoactinamannertoreducetheconflict.Theattackercanbecomea“victim,”creatingasenseoffellowshipwiththetarget,creatingafalsesenseoffamiliarity,andthenusingthattodriveanaction.SocialengineerscansellicetoEskimosandmakethemproudoftheirpurchase,sotheyaremastersatpsychologicalmanipulation.
Theattackermaysimplyaskaquestion,hopingtoimmediatelyobtainthedesiredinformation.Forbasicinformationthatisnotconsideredsensitive,thisapproachgenerallyworks.Asanexample,anattackermightcallandaskwhotheITmanageris.
Theattackermayfirstattempttoengagethetargetinconversationandtrytoevokesympathysothatthetargetfeelssorryfortheindividualandismorepronetoprovidetheinformation.Forinformationthatisevenslightlysensitiveinnature,therequestofwhichcouldpossiblyarousesuspicion,thistechniquemaybetried.Asanexample,anattackermightcallandclaimtobeundersomedeadlinefromasupervisorwhoisupsetforsomereason.Thetarget,feelingsorryforanallegedfellowworker,maygiveuptheinformation,thinkingtheyarehelpingthemavoidtroublewiththesupervisor.
Theattackermayappealtoanindividual’sego.Asanexample,anattackermightcalltheITdepartment,claimingtohavesomesortofproblem,andpraisingthemforworktheysupposedlydidtohelpanotherworker.Afterbeingtoldhowgreattheyareandhowmuchtheyhelpedsomebodyelse,theywilloftenbetemptedtodemonstratethattheycansupplythesamelevelofhelptoanotherindividual.Thistechniquemaybeusedtoobtainsensitiveinformation,suchashavingthetarget’spasswordreset.
Thesecondreasonthatsocialengineeringissuccessfulisthatindividualsnormallyseektoavoidconfrontationandtrouble.Iftheattackerattemptstointimidatethetarget,threateningtocallthetarget’s
supervisorbecauseofalackofhelp,thetargetmaygiveinandprovidetheinformationtoavoidconfrontation.Thisvariationontheattackisoftensuccessfulinorganizationsthathaveastricthierarchicalstructure.Inthemilitary,forexample,alower-rankingindividualmaybecoercedintoprovidinginformationtoanindividualclaimingtobeofhigherrankortobeworkingforanotherindividualhigherupinthechainofcommand.Socialengineeringmayalsobeaccomplishedusingothermeansbesides
directcontactbetweenthetargetandtheattacker.Forexample,anattackermightsendaforgede-mailwithalinktoaboguswebsitethathasbeensetuptoobtaininformationfromthetargetorconvincethetargettoperformsomeaction.Again,thegoalinsocialengineeringistoconvincethetargettoprovideinformationthattheynormallywouldn’tdivulgeortoperformsomeactthattheynormallywouldnotdo.Anexampleofaslightlydifferentattackthatisgenerallystillconsideredasocialengineeringattackisoneinwhichanattackerreplacestheblankdepositslipsinabank’slobbywithonescontaininghisorherownaccountnumberbutnoname.Whenanunsuspectingcustomerusesoneoftheslips,atellerwhoisnotobservantmayendupcreditingtheattacker’saccountwiththedeposit.
CrossCheckTypesofSocialEngineeringChapters1and2bothdiscussedsocialengineering.Electronicversionsofsocialengineeringhavebecomeverycommon.Whatarethedifferenttypesofsocialengineering(especiallyelectronicversions)thatwehavediscussed?
ObtainingInsiderInformationAnexcellentexampleofsocialengineeringoccurredin1978whenStanleyMarkRifkin,fromCarlsbad,California,stole$10.2millionfromtheSecurityPacificBankinLosAngeles.Detailsofthestoryvary,asRifkinhasneverpubliclydetailedhisactions,butanumberoffactsareknown.Atthetimeoftheattack,Rifkinwasworkingasacomputerconsultantfor
thebank.Whileworkingthere,helearneddetailsonhowmoneycouldeasilybetransferredtoaccountsanywhereintheUnitedStates.Theproblemwouldbetoactuallyobtainthemoneyinthefirstplace.Inordertodothis,heneededtohaveaccesstotheelectronicfundstransfer(EFT)codeusedbythebanktotransfermoneytootherbanks.Usingtheexcuseofcheckingonthecomputerequipmentinsideoftheroomfromwhichthebankmadeitstransfers,Rifkinwasabletoobservethecodeforthatday.Afterleavingtheroom,heusedthisinformationtoimpersonateabankofficerandorderedthetransferofthe$10.2million.Sincehehadknowledgeofthesupposedlysecretcode,thetransferwasmadewithlittlefanfare(thisamountwaswellbelowanylevelthatwouldtriggeranysuspicion).EarlierRifkinhadsetupabogusaccountinaNewYorkbank,usingafalsename,andhedepositedthemoneyintothataccount.HelatertransferredthemoneyagaintoanotheraccountinSwitzerlandunderadifferentname.Hethenusedthemoneytopurchasemillionsofdollarsindiamonds,whichhethensmuggledbackintotheUnitedStates.Thecrimemighthavegoneundetectedifhehadnotboastedofhisexploitstoanindividualwhowasmorethanhappytoturnhimin.In1979,Rifkinwassentencedtoeightyearsinprison.Athistrialheattemptedtoconvincethejudgethatheshouldbereleasedsohecouldteachothershowtoprotecttheirsystemsagainstthetypeofactivityheperpetrated.Thejudgedeniedthisrequest.Thediamondswereultimatelyturnedovertothebank,whichtriedtorecoveritslossbysellingthem.
Uptothispoint,socialengineeringhasbeendiscussedinthecontextofanoutsiderattemptingtogaininformationabouttheorganization.Thisdoesnothavetobethecase.Insidersmayalsoattempttogaininformationtheyarenotauthorizedtohave.Inmanycases,theinsidermaybemuchmoresuccessfulsincetheywillalreadyhaveacertainlevelofinformationregardingtheorganizationandcanthereforebetterspinastorythatmaybebelievabletootheremployees.
PhishingPhishing(pronounced“fishing”)isatypeofsocialengineeringinwhich
anattackerattemptstoobtainsensitiveinformationfromauserbymasqueradingasatrustedentityinane-mailorinstantmessagesenttoalargegroupofoftenrandomusers.Theattackerattemptstoobtaininformationsuchasusernames,passwords,creditcardnumbers,anddetailsabouttheuser’sbankaccounts.ThemessagesentoftenencouragestheusertogotoawebsitethatappearstobeforareputableentitysuchasPayPaloreBay,bothofwhichhavefrequentlybeenusedinphishingattempts.Thewebsitetheuseractuallyvisitsisnotownedbythereputableorganization,however,andaskstheusertosupplyinformationthatcanbeusedinalaterattack.Oftenthemessagesenttotheuserwillstatethattheuser’saccounthasbeencompromisedandwillrequest,forsecuritypurposes,theusertoentertheiraccountinformationtoverifythedetails.Inanotherverycommonexampleofphishing,theattackersendsabulk
e-mail,supposedlyfromabank,tellingtherecipientsthatasecuritybreachhasoccurredandinstructingthemtoclickalinktoverifythattheiraccounthasnotbeentamperedwith.Iftheindividualactuallyclicksthelink,theyaretakentoasitethatappearstobeownedbythebankbutisactuallycontrolledbytheattacker.Whentheysupplytheiraccountandpasswordfor“verification”purposes,theyareactuallygivingittotheattacker.
Phishingisnowthemostcommonformofsocialengineeringattackrelatedtocomputersecurity.Thetargetmaybeacomputersystemandaccesstotheinformationfoundonit(suchasisthecasewhenthephishingattemptasksforauserIDandpassword)orthetargetmaybepersonalinformation,generallyfinancial,aboutanindividual(inthecaseofphishingattemptsthataskforanindividual’sbankinginformation).
Thee-mailsandwebsitesgeneratedbytheattackersoftenappeartobelegitimate.Afewclues,however,cantipofftheuserthatthee-mailmightnotbewhatitclaimstobe.Thee-mailmaycontaingrammaticalandtypographicalerrors,forexample.Organizationsthatareusedinthese
phishingattempts(suchaseBayandPayPal)arecarefulabouttheirimagesandwillnotsendasecurity-relatede-mailtouserscontainingobviouserrors.Inaddition,almostunanimously,organizationstelltheirusersthattheywillneveraskforsensitiveinformation(suchasapasswordoraccountnumber)viaane-mail.TheURLofthewebsitethattheusersaretakentomayalsoprovideacluethatthesiteisnotwhatitappearstobe.Despitetheincreasingmediacoverageconcerningphishingattempts,someInternetusersstillfallforthem,whichresultsinattackerscontinuingtousethisrelativelycheapmethodtogaintheinformationtheyareseeking.
Anotherspecializedversionofphishingiscloselyrelatedtospearphishing.Again,specificindividualsaretargeted,butinthiscasetheindividualsareimportantindividualshighupinanorganizationsuchasthecorporateofficers.Thegoalistogoafterthese“biggertargets,”andthusthetermthatisusedtorefertothisformofattackiswhaling.
Arecentdevelopmenthasbeentheintroductionofamodificationtotheoriginalphishingattack.Spearphishingisthetermthathasbeencreatedtorefertothespecialtargetingofgroupswithsomethingincommonwhenlaunchingaphishingattack.Bytargetingspecificgroups,theratioofsuccessfulattacks(thatis,thenumberofresponsesreceived)tothetotalnumberofe-mailsormessagessentusuallyincreasesbecauseatargetedattackwillseemmoreplausiblethanamessagesenttousersrandomly.Pharmingconsistsofmisdirectinguserstofakewebsitesmadetolook
official.Usingphishing,individualsaretargetedonebyonebysendingoute-mails.Tobecomeavictim,therecipientmusttakeanaction(forexample,respondbyprovidingpersonalinformation).Inpharming,theuserwillbedirectedtothefakewebsiteasaresultofactivitysuchasDNSpoisoning(anattackthatchangesURLsinaserver’sdomainnametable)ormodificationoflocalhostfiles,whichareusedtoconvertURLstotheappropriateIPaddress.Onceatthefakesite,theusermaysupplypersonalinformation,believingthattheyareconnectedtothelegitimatesite.
VishingVishingisavariationofphishingthatusesvoicecommunicationtechnologytoobtaintheinformationtheattackerisseeking.Vishingtakesadvantageofthetrustthatsomepeopleplaceinthetelephonenetwork.Usersareunawarethatattackerscanspoof(simulate)callsfromlegitimateentitiesusingVoiceoverIP(VoIP)technology.Voicemessagingcanalsobecompromisedandusedintheseattempts.Generally,theattackersarehopingtoobtaincreditcardnumbersorotherinformationthatcanbeusedinidentitytheft.Theusermayreceiveane-mailaskinghimorhertocallanumberthatisansweredbyapotentiallycompromisedvoicemessagesystem.Usersmayalsoreceivearecordedmessagethatappearstocomefromalegitimateentity.Inbothcases,theuserwillbeencouragedtorespondquicklyandprovidethesensitiveinformationsothataccesstotheiraccountisnotblocked.Ifausereverreceivesamessagethatclaimstobefromareputableentityandasksforsensitiveinformation,theusershouldnotprovideitbutinsteadshouldusetheInternetorexaminealegitimateaccountstatementtofindaphonenumberthatcanbeusedtocontacttheentity.Theusercanthenverifythatthemessagereceivedwaslegitimateorreportthevishingattempt.
TechTip
BewareofVishingVishing(phishingconductedusingvoicesystems)isgenerallysuccessfulbecauseofthetrustthatindividualsplaceinthetelephonesystem.WithcallerID,peoplebelievetheycanidentifywhoitisthatiscallingthem.Theydonotunderstandthat,justlikemanyprotocolsintheTCP/IPprotocolsuite,callerIDcanbespoofed.
SPAMThoughnotgenerallyconsideredasocialengineeringissue,norasecurityissueforthatmatter,SPAMcan,however,beasecurityconcern.SPAM,
asjustabouteverybodyknows,isbulkunsolicitede-mail.Itcanbelegitimateinthesensethatithasbeensentbyacompanyadvertisingaproductorservice,butitcanalsobemaliciousandcouldincludeanattachmentthatcontainsmalicioussoftwaredesignedtoharmyoursystem,oralinktoamaliciouswebsitethatmayattempttoobtainpersonalinformationfromyou.Thoughnotaswellknown,avariationonSPAMisSPIM,whichisbasicallySPAMdeliveredviaaninstantmessagingapplicationsuchasYahoo!MessengerorAIM.ThepurposeofhostileSPIMisthesameasthatofSPAM—thedeliveryofmaliciouscontentorlinks.
ShoulderSurfingShouldersurfingdoesnotnecessarilyinvolvedirectcontactwiththetarget,butinsteadinvolvestheattackerdirectlyobservingtheindividualenteringsensitiveinformationonaform,keypad,orkeyboard.Theattackermaysimplylookovertheshoulderoftheuseratwork,forexample,ormaysetupacameraorusebinocularstoviewtheuserenteringsensitivedata.Theattackercanattempttoobtaininformationsuchasapersonalidentificationnumber(PIN)atanautomatedtellermachine(ATM),anaccesscontrolentrycodeatasecuregateordoor,oracallingcardorcreditcardnumber.Manylocationsnowuseasmallshieldtosurroundakeypadsothatitisdifficulttoobservesomebodyenteringinformation.Moresophisticatedsystemscanactuallyscramblethelocationofthenumberssothatthetoprowatonetimeincludesthenumbers1,2,and3andthenexttime4,8,and0.Whilethismakesitabitslowerfortheusertoenterinformation,itthwartsanattacker’sattempttoobservewhatnumbersarepressedandenterthesamebuttons/pattern,sincethelocationofthenumbersconstantlychanges.
Arelated,somewhatobvioussecurityprecautionisthatapersonshouldnotusethesamePINforalloftheirdifferentaccounts,gatecodes,andsoon,sinceanattackerwholearnsthePINforone
typeofaccesscouldthenuseitforalloftheothertypesofaccess.
Althoughmethodssuchasaddingshieldstoblockthevieworhavingthepad“scramble”thenumberscanhelpmakeshouldersurfingmoredifficult,thebestdefenseisforuserstobeawareoftheirsurroundingsandtonotallowindividualstogetintoapositionfromwhichtheycanobservewhattheuserisentering.Theattackermayattempttoincreasethechanceofsuccessfully
observingthetargetenteringthedatabystartingaconversationwiththetarget.Thisprovidesanexcusefortheattackertobephysicallyclosertothetarget.Otherwise,thetargetmaybesuspiciousiftheattackerisstandingtooclose.Inthissense,shouldersurfingcanbeconsideredasocialengineeringattack.
ReverseSocialEngineeringAslightlydifferentapproachtosocialengineeringiscalledreversesocialengineering.Inthistechnique,theattackerhopestoconvincethetargettoinitiatethecontact.Thisobviouslydiffersfromthetraditionalapproach,wherethetargetistheonethatiscontacted.Thereasonthisattackmaybesuccessfulisthat,sincethetargetistheoneinitiatingthecontact,attackersmaynothavetoconvincethetargetoftheirauthenticity.Thetrickypartofthisattackis,ofcourse,convincingthetargettomakethatinitialcontact.Possiblemethodstoaccomplishthismightincludesendingoutaspoofede-mail(fakee-maildesignedtoappearauthentic)thatclaimstobefromareputablesourceandprovidesanothere-mailaddressorphonenumbertocallfor“techsupport,”orpostinganoticeorcreatingaboguswebsiteforalegitimatecompanythatalsoclaimstoprovide“techsupport.”Thismaybeespeciallysuccessfuliftimedtocoincidewithacompany’sdeploymentofanewsoftwareorhardwareplatform.Anotherpotentialtimetotargetanorganizationwiththissortofattackiswhenthereisasignificantchangeintheorganizationitself,suchaswhentwocompaniesmergeorasmallercompanyisacquiredbyalargerone.Duringthesetimes,employeesarenotfamiliarwiththeneworganizationoritsprocedures,
andamidsttheconfusion,itiseasytoconducteitherasocialengineeringorreversesocialengineeringattack.
TechTip
BeAwareofReverseSocialEngineeringReversesocialengineeringisnotnearlyaswidelyunderstoodassocialengineeringandisabittrickiertoexecute.Iftheattackerissuccessfulinconvincinganindividualtomaketheinitialcontact,however,theprocessofconvincingthemoftheauthenticityoftheattackerisgenerallymucheasierthaninasocialengineeringattack.
HoaxesAtfirstglance,itmightseemthatahoaxrelatedtosecuritywouldbeconsideredanuisanceandnotarealsecurityissue.Thismightbethecaseforsomehoaxes,especiallythoseoftheurbanlegendtype,buttherealityofthesituationisthatahoaxcanbeverydamagingifitcausesuserstotakesomesortofactionthatweakenssecurity.Onerealhoax,forexample,describedanew,highlydestructivepieceofmalicioussoftware.Itinstructeduserstocheckfortheexistenceofacertainfileandtodeleteitifthefilewasfound.Inreality,thefilementionedwasanimportantfileusedbytheoperatingsystem,anddeletingitcausedproblemsthenexttimethesystemwasbooted.Thedamagecausedbyusersmodifyingsecuritysettingscanbeserious.Aswithotherformsofsocialengineering,trainingandawarenessarethebestandfirstlineofdefenseforbothusersandadministrators.Usersshouldbetrainedtobesuspiciousofunusuale-mailsandstoriesandshouldknowwhotocontactintheorganizationtoverifytheirvalidityiftheyarereceived.Hoaxesoftenalsoadvisetheusertosendittotheirfriendssotheyknowabouttheissueaswell—andbydoingso,theyhelpspreadthehoax.Usersneedtobesuspiciousofanye-mailtellingthemto“spreadtheword.”
PoorSecurityPracticesAsignificantportionofhuman-createdsecurityproblemsresultsfrompoorsecuritypractices.Thesepoorpracticesmaybethoseofanindividualuserwhoisnotfollowingestablishedsecuritypoliciesorprocesses,ortheymaybecausedbyalackofsecuritypolicies,procedures,ortrainingwithintheuser’sorganization.
PasswordSelectionFormanyyears,computerintrudershavereliedonusers’poorselectionofpasswordstohelptheintrudersintheirattemptstogainunauthorizedaccesstoasystemornetwork.Ifattackerscouldobtainalistoftheusers’names,chancesweregoodtheycouldeventuallyaccessthesystem.Userstendtopickpasswordsthatareeasyforthemtoremember,andwhateasierpasswordcouldtherebethanthesamesequenceofcharactersthattheyusefortheiruserID?Ifasystemhasanaccountwiththeusernamejdoe,anattacker’sreasonablefirstguessoftheaccount’spasswordwouldbejdoe.Ifthisdoesn’twork,theattackerwouldtryvariationsonthesame,suchasdoej,johndoe,johnd,andeodj,allofwhichwouldbereasonablepossibilities.
Poorpasswordselectionisoneofthemostcommonofpoorsecuritypractices,andoneofthemostdangerous.Numerousstudiesthathavebeenconductedonpasswordselectionhavefoundthat,whileoverallmoreusersarelearningtoselectgoodpasswords,asignificantpercentageofusersstillmakepoorchoices.Theproblemwiththis,ofcourse,isthatapoorpasswordchoicecanenableanattackertocompromiseacomputersystemornetworkmoreeasily.Evenwhenusershavegoodpasswords,theyoftenresorttoanotherpoorsecuritypractice—writingthepassworddowninaneasilylocatedplace,whichcanalsoleadtosystemcompromiseifanattackergainsphysicalaccesstothearea.
Iftheattacker’sattempttousevariationsontheusernamedoesnotyieldthecorrectpassword,theymightsimplyneedmoreinformation.Usersalsofrequentlypicknamesoffamilymembers,pets,orfavoritesportsteam.If
theuserlivesinSanAntonio,Texas,forexample,apossiblepasswordmightbegospursgoinhonorofthecity’sprofessionalbasketballteam.Iftheseattemptsdon’tworkfortheattacker,thentheattackermightnexttryhobbiesoftheuser,thenameoftheuser’sfavoritemakeormodelofcar,orsimilarpiecesofinformation.Thekeyisthattheuseroftenpickssomethingeasyforthemtoremember,whichmeansthatthemoretheattackerknowsabouttheuser,thebetterthechanceofdiscoveringtheuser’spassword.Inanattempttocomplicatetheattacker’sjob,organizationshave
encouragedtheiruserstomixupper-andlowercasecharactersandtoincludenumbersandspecialcharactersintheirpassword.Whilethisdoesmakethepasswordhardertoguess,thebasicproblemstillremains:userswillpicksomethingthatiseasyforthemtoremember.Thus,ouruserinSanAntoniomayselectthepasswordG0*Spurs*G0,capitalizingthreeoftheletters,insertingaspecialcharactertwice,andsubstitutingthenumberzerofortheletterO.Thismakesthepasswordhardertocrack,butthereareafinitenumberofvariationsonthebasicgospursgopassword,so,whiletheattacker’sjobhasbeenmademoredifficult,itisstillpossibletoguessthepassword.Organizationshavealsoinstitutedadditionalpoliciesandrulesrelating
topasswordselectiontofurthercomplicateanattacker’sefforts.Organizations,forexample,mayrequireuserstofrequentlychangetheirpassword.Thismeansthatifanattackerisabletoguessapassword,itisonlyvalidforalimitedperiodoftimebeforeanewpasswordisselected,afterwhichtheattackerislockedout.Allisnotlostfortheattacker,however,since,again,userswillselectpasswordstheycanremember.Forexample,passwordchangesoftenresultinanewpasswordthatsimplyincorporatesanumberattheendoftheoldone.Thus,ourSanAntoniousermightselectG0*Spurs*G1asthenewpassword,inwhichcasethebenefitofforcingpasswordchangesonaperiodic,orevenfrequent,basishasbeentotallylost.ItisagoodbetthatthenextpasswordchosenwillbeG0*Spurs*G2,followedbyG0Spurs*G3,andsoforth.
TechTip
HeartbleedVulnerabilityIn2014,avulnerabilityintheOpenSSLcryptographywasdiscoveredandgiventhenameHeartbleedbecauseitoriginatedintheheartbeatsignalemployedbythesystem.Thisvulnerabilityresultedinthepotentiallossofpasswordsandothersensitivedataacrossmultipleplatformsanduptoamillionwebserversandrelatedsystems.Heartbleedresultedinrandomdatalossfromservers,as64Kblocksofmemorywereexfiltratedfromthesystem.AmongtheitemsthatmaybelostinHeartbleedattacksareusercredentials,userIDs,andpasswords.ThediscoveryofthisvulnerabilityprompteduserstochangeamassivenumberofpasswordsacrosstheWeb,asusershadnoknowledgeastothestatusoftheircredentials.Oneofthecommonpiecesofadvicetouserswastonotreusepasswordsbetweensystems.Thisadviceisuniversallygoodadvice,notjustforHeartbleed,butforallsystems,allthetime.
Anotherpolicyorrulegoverningpasswordselectionoftenadoptedbyorganizationsisthatpasswordsmustnotbewrittendown.This,ofcourse,isdifficulttoenforce,andthususerswillfrequentlywritethemdown,oftenasaresultofwhatisreferredtoasthe“passworddilemma.”Themoredifficultwemakeitforattackerstoguessourpasswords,andthemorefrequentlyweforcepasswordchanges,themoredifficultthepasswordsareforauthorizeduserstorememberandthemorelikelytheyaretowritethemdown.Writingthemdownandputtingtheminasecureplaceisonething,butalltoooftenuserswillwritethemonaslipofpaperandkeepthemintheircalendar,wallet,orpurse.Mostsecurityconsultantsgenerallyagreethatiftheyaregivenphysicalaccesstoanoffice,theywillbeabletofindapasswordsomewhere—thetopdrawerofadesk,insideofadeskcalendar,attachedtotheundersideofthekeyboard,orevensimplyonayellow“stickynote”attachedtothemonitor.Withtheproliferationofcomputers,networks,andusers,thepassword
dilemmahasgottenworse.Today,theaverageInternetuserprobablyhasatleastahalfdozendifferentaccountsandpasswordstoremember.Selectingadifferentpasswordforeachaccount,followingtheguidelinesmentionedpreviouslyregardingcharacterselectionandfrequencyof
changes,onlyaggravatestheproblemofrememberingthepasswords.Thisresultsinusersalltoofrequentlyusingthesamepasswordforallaccounts.Ifauserdoesthis,andthenoneoftheaccountsisbroken,allotheraccountsaresubsequentlyalsovulnerabletoattack.
Knowtherulesforgoodpasswordselection.Generally,thesearetouseeightormorecharactersinyourpassword,includeacombinationofupper-andlowercaseletters,includeatleastonenumberandonespecialcharacter,donotuseacommonword,phrase,orname,andchooseapasswordthatyoucanremembersothatyoudonotneedtowriteitdown.
Theneedforgoodpasswordselectionandtheprotectionofpasswordsalsoappliestoanothercommonfeatureoftoday’selectronicworld,PINs.MostpeoplehaveatleastonePINassociatedwiththingssuchastheirATMcardorasecuritycodetogainphysicalaccesstoaroom.Again,userswillinvariablyselectnumbersthatareeasytoremember.Specificnumbers,suchastheindividual’sbirthdate,theirspouse’sbirthdate,orthedateofsomeothersignificantevent,areallcommonnumberstoselect.Otherpeoplewillpickpatternsthatareeasytoremember—2580,forexample,usesallofthecenternumbersonastandardnumericpadonatelephone.Attackersknowthis,andguessingPINsfollowsthesamesortofprocessthatguessingapassworddoes.Passwordselectionisanindividualactivity,andensuringthat
individualsaremakinggoodselectionsistherealmoftheentity’spasswordpolicy.Toensureusersmakeappropriatechoices,theyneedtobeawareoftheissueandtheirpersonalroleinsecuringaccounts.Aneffectivepasswordpolicyconveysboththeuserroleandresponsibilityassociatedwithpasswordusageanddoessoinasimpleenoughmannerthatitcanbeconveyedviascreennotesduringmandatedpasswordchangeevents.
ShoulderSurfing
Asdiscussedearlier,shouldersurfingdoesnotinvolvedirectcontactwiththeuser,butinsteadinvolvestheattackerdirectlyobservingthetargetenteringsensitiveinformationonaform,keypad,orkeyboard.Theattackermaysimplylookovertheshoulderoftheuseratwork,watchingasacoworkerenterstheirpassword.Althoughdefensivemethodscanhelpmakeshouldersurfingmoredifficult,thebestdefenseisforausertobeawareoftheirsurroundingsandtonotallowindividualstogetintoapositionfromwhichtheycanobservewhattheuserisentering.Arelatedsecuritycommentcanbemadeatthispoint:apersonshouldnotusethesamePINforalloftheirdifferentaccounts,gatecodes,andsoon,sinceanattackerwholearnsthePINforonecouldthenuseitforalltheothers.
PiggybackingPeopleareofteninahurryandwillfrequentlynotfollowgoodphysicalsecuritypracticesandprocedures.Attackersknowthisandmayattempttoexploitthischaracteristicinhumanbehavior.TailgatingorpiggybackingisthesimpletacticoffollowingcloselybehindapersonwhohasjustusedtheirownaccesscardorPINtogainphysicalaccesstoaroomorbuilding.Anattackercanthusgainaccesstothefacilitywithouthavingtoknowtheaccesscodeorhavingtoacquireanaccesscard.Itissimilartoshouldersurfinginthatitreliesontheattackertakingadvantageofanauthorizedusernotfollowingsecurityprocedures.Frequentlytheattackermayevenstartaconversationwiththetargetbeforereachingthedoorsothattheusermaybemorecomfortablewithallowingtheindividualinwithoutchallengingthem.Inthissensepiggybackingisrelatedtosocialengineeringattacks.Boththepiggybackingandshouldersurfingattacktechniquescanbeeasilycounteredbyusingsimpleprocedurestoensurenobodyfollowsyoutoocloselyorisinapositiontoobserveyouractions.Bothtechniquesrelyonthepoorsecuritypracticesofanauthorizedusertobesuccessful.Amoresophisticatedcountermeasuretopiggybackingisa“mantrap,”whichutilizestwodoorstogainaccesstothefacility.Theseconddoordoesnotopenuntilthefirstoneisclosedandisspacedcloseenoughtothefirstthatanenclosureisformedthatonlyallowsone
individualthroughatatime.
DumpsterDivingAsmentionedearlier,attackersneedacertainamountofinformationbeforelaunchingtheirattack.Onecommonplacetofindthisinformation,iftheattackerisinthevicinityofthetarget,isthetarget’strash.Theattackermightfindlittlebitsofinformationthatcouldbeusefulforanattack.Thisprocessofgoingthroughatarget’strashinhopesoffindingvaluableinformationthatmightbeusedinapenetrationattemptisknowninthecomputercommunityasdumpsterdiving.Thetacticisnot,however,uniquetothecomputercommunity;ithasbeenusedformanyyearsbyothers,suchasidentitythieves,privateinvestigators,andlawenforcementpersonnel,toobtaininformationaboutanindividualororganization.Iftheattackersareverylucky,andthetarget’ssecurityproceduresareverypoor,theymayactuallyfinduserIDsandpasswords.Asmentionedinthediscussiononpasswords,userssometimeswritetheirpassworddown.If,whenthepasswordischanged,theydiscardthepapertheoldpasswordwaswrittenonwithoutshreddingit,theluckydumpsterdivercangainavaluableclue.Eveniftheattackerisn’tluckyenoughtoobtainapassworddirectly,heundoubtedlywillfindemployeenames,fromwhichit’snothardtodetermineuserIDs,asdiscussedearlier.Finally,theattackermaygatheravarietyofinformationthatcanbeusefulinasocialengineeringattack.Inmostlocations,trashisnolongerconsideredprivatepropertyafterithasbeendiscarded(andevenwheredumpsterdivingisillegal,littleenforcementoccurs).Anorganizationshouldhavepoliciesaboutdiscardingmaterials.Sensitiveinformationshouldbeshreddedandtheorganizationshouldconsidersecuringthetrashreceptaclesothatindividualscan’tforagethroughit.Peopleshouldalsoconsidershreddingpersonalorsensitiveinformationthattheywishtodiscardintheirowntrash.Areasonablequalityshredderisinexpensiveandwellworththepricewhencomparedwiththepotentiallossthatcouldoccurasaresultofidentitytheft.
TryThis!DivingintoYourDumpsterTheamountofusefulinformationthatusersthrowawayinunsecuredtrashreceptaclesoftenamazessecurityprofessionals.Hackersknowthattheycanoftenfindmanuals,networkdiagrams,andevenuserIDsandpasswordsbyrummagingthroughdumpsters.Aftercoordinatingthiswithyoursecurityoffice,tryseeingwhatyoucanfindthatindividualsinyourorganizationhavediscarded(assumingthatthereisnoshreddingpolicy)byeithergoingthroughyourorganization’sdumpstersorjustthroughtheofficetrashreceptacles.Whatusefulinformationdidyoufind?Isthereanobvioussuggestionthatyoumightmaketoenhancethesecurityofyourorganization?
InstallingUnauthorizedHardwareandSoftwareOrganizationsshouldhaveapolicythatrestrictstheabilityofnormaluserstoinstallsoftwareandnewhardwareontheirsystems.Acommonexampleisauserinstallingunauthorizedcommunicationsoftwareandamodemtoallowthemtoconnecttotheirmachineatworkviaamodemfromtheirhome.Anothercommonexampleisauserinstallingawirelessaccesspointsothattheycanaccesstheorganization’snetworkfrommanydifferentareas.Intheseexamples,theuserhassetupabackdoorintothenetwork,circumventingalltheothersecuritymechanismsinplace.Theterm“roguemodem”or“rogueaccesspoint”maybeusedtodescribethesetwocases.Abackdoorisanavenuethatcanbeusedtoaccessasystemwhilecircumventingnormalsecuritymechanismsandcanoftenbeusedtoinstalladditionalexecutablefilesthatcanleadtomorewaystoaccessthecompromisedsystem.Securityprofessionalscanusewidelyavailabletoolstoscantheirownsystemsperiodicallyforeitheroftheseroguedevicestoensurethatusershaven’tcreatedabackdoor.
Ithasalreadybeenmentionedthatgainingphysicalaccesstoacomputersystemornetworkoftenguaranteesanattackersuccessinpenetratingthesystemorthenetworkitisconnectedto.Atthesametime,theremaybeanumberofindividualswhohaveaccesstoafacilitybutarenot
authorizedtoaccesstheinformationthesystemsstoreandprocess.Webecomecomplacenttotheaccesstheseindividualshavebecausetheyoftenquietlygoabouttheirjobsoastonotdrawattentiontothemselvesandtominimizetheimpactontheoperationoftheorganization.Theymayalsobeoverlookedbecausetheirjobdoesnotimpactthecorefunctionoftheorganization.Aprimeexampleofthisisthecustodialstaff.Becomingcomplacentabouttheseindividualsandnotpayingattentiontowhattheymayhaveaccessto,however,couldbeabigmistake,andusersshouldnotbelievethateverybodywhohasphysicalaccesstotheorganizationhasthesamelevelofconcernfororinterestinthewelfareoftheorganization.
Anothercommonexampleofunauthorizedsoftwarethatusersinstallontheirsystemsisgames.Unfortunately,notallgamescomeinshrink-wrappedpackages.NumeroussmallgamescanbedownloadedfromtheInternet.Theproblemwiththisisthatusersdon’talwaysknowwherethesoftwareoriginallycamefromandwhatmaybehiddeninsideit.Manyindividualshaveunwittinglyinstalledwhatseemedtobeaninnocuousgame,onlytohavedownloadedapieceofmaliciouscodecapableofmanythings,includingopeningabackdoorthatallowsattackerstoconnectto,andcontrol,thesystemfromacrosstheInternet.Becauseofthesepotentialhazards,manyorganizationsdonotallow
theiruserstoloadsoftwareorinstallnewhardwarewithouttheknowledgeandassistanceofadministrators.Manyorganizationsalsoscreen,andoccasionallyintercept,e-mailmessageswithlinksorattachmentsthataresenttousers.Thishelpspreventusersfrom,say,unwittinglyexecutingahostileprogramthatwassentaspartofawormorvirus.Consequently,manyorganizationshavetheirmailserversstripoffexecutableattachmentstoe-mailsothatuserscan’taccidentallycauseasecurityproblem.
DataHandlingUnderstandingtheresponsibilitiesofproperdatahandlingassociatedwithone’sjobisanimportanttrainingtopic.Informationcanbedeceptiveinthatitisnotdirectlytangible,andpeopletendtodevelopbadhabitsaroundotherjobmeasures…attheexpenseofsecurity.Employeesrequiretraininginhowtorecognizethedataclassificationandhandlingrequirementsofthedatatheyareusing,andtheyneedtolearnhowto
followtheproperhandlingprocesses.Ifcertaindataelementsrequirespecialhandlingbecauseofcontracts,laws,orregulations,thereistypicallyatrainingclauseassociatedwiththisrequirement.Personnelassignedtothesetasksshouldbespecificallytrainedwithregardtothesecurityrequirements.Thespiritofthetrainingclauseisyougetwhatyoutrain,andifsecurityoverspecificdatatypesisarequirement,thenitshouldbetrained.Thissameprincipleholdsforcorporatedata-handlingresponsibilities;yougetthebehaviorsyoutrainandreward.
PhysicalAccessbyNon-EmployeesAshasbeenmentioned,ifanattackercangainphysicalaccesstoafacility,chancesareverygoodthattheattackercanobtainenoughinformationtopenetratecomputersystemsandnetworks.Manyorganizationsrequireemployeestowearidentificationbadgeswhenatwork.Thisisaneasymethodtoquicklyspotwhohaspermissiontohavephysicalaccesstotheorganizationandwhodoesnot.Whilethismethodiseasytoimplementandcanbeasignificantdeterrenttounauthorizedindividuals,italsorequiresthatemployeesactivelychallengeindividualswhoarenotwearingtherequiredidentificationbadge.Thisisoneareawhereorganizationsfail.Combineanattackerwhoslipsinbypiggybackingoffofanauthorizedindividualandanenvironmentwhereemployeeshavenotbeenencouragedtochallengeindividualswithoutappropriatecredentialsandyouhaveasituationwhereyoumightaswellnothaveanybadgesinthefirstplace.Organizationsalsofrequentlybecomecomplacentwhenfacedwithwhatappearstobealegitimatereasontoaccessthefacility,suchaswhenanindividualshowsupwithawarmpizzaclaimingitwasorderedbyanemployee.Ithasoftenbeenstatedbysecurityconsultantsthatitisamazingwhatyoucanobtainaccesstowithapizzaboxoravaseofflowers.
Preventingaccesstoinformationisalsoimportantintheworkarea.Firmswithsensitive
informationshouldhavea“cleandeskpolicy”specifyingthatsensitiveinformationisnotleftunsecuredintheworkareawhentheworkerisnotpresenttoactascustodian.
Anotheraspectthatmustbeconsideredispersonnelwhohavelegitimateaccesstoafacilitybutalsohaveintenttostealintellectualpropertyorotherwiseexploittheorganization.Physicalaccessprovidesaneasyopportunityforindividualstolookfortheoccasionalpieceofcriticalinformationcarelesslyleftout.Withtheproliferationofdevicessuchascellphoneswithbuilt-incameras,anindividualcouldeasilyphotographinformationwithoutitbeingobvioustoemployees.Contractors,consultants,andpartnersfrequentlynotonlyhavephysicalaccesstothefacilitybutmayalsohavenetworkaccess.Otherindividualswhotypicallyhaveunrestrictedaccesstothefacilitywhennooneisaroundarenighttimecustodialcrewmembersandsecurityguards.Suchpositionsareoftencontractedout.Asaresult,hackershavebeenknowntotaketemporarycustodialjobssimplytogainaccesstofacilities.
CleanDeskPoliciesPreventingaccesstoinformationisalsoimportantintheworkarea.Firmswithsensitiveinformationshouldhavea“cleandeskpolicy”specifyingthatsensitiveinformationmustnotbeleftunsecuredintheworkareawhentheworkerisnotpresenttoactascustodian.Evenleavingthedeskareaandgoingtothebathroomcanleaveinformationexposedandsubjecttocompromise.Thecleandeskpolicyshouldidentifyandprohibitthingsthatarenotobviousuponfirstglance,suchaspasswordsonstickynotesunderkeyboardsandmousepadsorinunsecureddeskdrawers.
PeopleasaSecurityToolAninterestingparadoxwhenspeakingofsocialengineeringattacksisthatpeoplearenotonlythebiggestproblemandsecurityriskbutalsothebesttoolindefendingagainstasocialengineeringattack.Thefirststepacompanyshouldtaketofightpotentialsocialengineeringattacksisto
createthepoliciesandproceduresthatestablishtherolesandresponsibilitiesfornotonlysecurityadministratorsbutforallusers.Whatisitthatmanagementexpects,security-wise,fromallemployees?Whatisitthattheorganizationistryingtoprotect,andwhatmechanismsareimportantforthatprotection?
Perthe2014VerizonDataBreachInvestigationReport,introducedinChapter1,hackswerediscoveredmoreoftenbyinternalemployeesthanbyoutsiders.Thismeansthattraineduserscanbeanimportantpartofasecurityplan.
SecurityAwarenessProbablythesinglemosteffectivemethodtocounterpotentialsocialengineeringattacks,afterestablishmentoftheorganization’ssecuritygoalsandpolicies,isanactivesecurityawarenessprogram.Theextentofthetrainingwillvarydependingontheorganization’senvironmentandthelevelofthreat,butinitialemployeetrainingonsocialengineeringatthetimeapersonishiredisimportant,aswellasperiodicrefreshertraining.Animportantelementthatshouldbestressedintrainingaboutsocial
engineeringisthetypeofinformationthattheorganizationconsiderssensitiveandwhichmaybethetargetofasocialengineeringattack.Thereareundoubtedlysignsthattheorganizationcouldpointtoasindicativeofanattackerattemptingtogainaccesstosensitivecorporateinformation.Allemployeesshouldbeawareoftheseindicators.Thescopeofinformationthatanattackermayaskforisverylarge,andmanyquestionsattackersposemightalsobelegitimateinanothercontext(askingforsomeone’sphonenumber,forexample).Employeesshouldbetaughttobecautiousaboutrevealingpersonalinformationandshouldespeciallybealertforquestionsregardingaccountinformation,personallyidentifiableinformation,orpasswords.
TryThis!SecurityAwarenessProgramsAstrongsecurityeducationandawarenesstrainingprogramcangoalongwaytowardreducingthechancethatasocialengineeringattackwillbesuccessful.Awarenessprogramsandcampaigns,whichmightincludeseminars,videos,posters,newsletters,andsimilarmaterials,arealsofairlyeasytoimplementandnotverycostly.Thereisnoreasonforanorganizationtonothaveanawarenessprograminplace.AlotofinformationandideasareavailableontheInternet.SeewhatyoucanfindthatmightbeusableforyourorganizationthatyoucanobtainatnochargefromvariousorganizationsontheInternet.(Tip:CheckorganizationssuchasNISTandNSA,whichhavedevelopednumeroussecuritydocumentsandguidelines.)
Asafinalnoteonuserresponsibilities,corporatesecurityofficersmustcultivateanenvironmentoftrustintheiroffice,aswellasanunderstandingoftheimportanceofsecurity.Ifusersfeelthatsecuritypersonnelareonlytheretomaketheirlifedifficultortodredgeupinformationthatwillresultinanemployee’stermination,theatmospherewillquicklyturnadversarialandbetransformedintoan“usversusthem”situation.Securitypersonnelneedthehelpofallusersandshouldstrivetocultivateateamenvironmentinwhichusers,whenfacedwithaquestionablesituation,willnothesitatetocallthesecurityoffice.Insituationslikethis,securityofficesshouldremembertheoldadageof“don’tshootthemessenger.”
SecurityPolicyTrainingandProceduresPeopleinanorganizationplayasignificantroleinthesecuritypostureoftheorganization,Assuch,trainingisimportantasitcanprovidethebasisforawarenessofissuessuchassocialengineeringanddesiredemployeesecurityhabits.ThesearedetailedinChapter2.
Chapter4Review
ChapterSummaryAfterreadingthischapterandcompletingtheexercises,youshouldunderstandthefollowingregardingtherolepeoplecanplayinsecurity.
Definebasicterminologyassociatedwithsocialengineering
Socialengineeringisatechniqueinwhichtheattackerusesvariousdeceptivepracticestoconvincethetargetedpersontodivulgeinformationtheynormallywouldnotdivulge,ortoconvincethetargettodosomethingtheynormallywouldn’tdo.
Inreversesocialengineering,theattackerhopestoconvincethetargettoinitiatecontact.
Describestepsorganizationscantaketoimprovetheirsecurity
Organizationsshouldhaveapolicythatrestrictstheabilityofnormaluserstoinstallnewsoftwareandhardwareontheirsystems.
Contractors,consultants,andpartnersmayfrequentlyhavenotonlyphysicalaccesstothefacilitybutalsonetworkaccess.Othergroupsthataregivenunrestricted,andunobserved,accesstoafacilityarenighttimecustodialcrewmembersandsecurityguards.Botharepotentialsecurityproblemsandorganizationsshouldtakestepstolimittheseindividuals’access.
Thesinglemosteffectivemethodtocounterpotentialsocialengineeringattacks,afterestablishingtheorganization’ssecuritygoalsandpolicies,isanactivesecurityawarenessprogram.
Describecommonuseractionsthatmayputanorganization’sinformationatrisk
Nomatterhowadvancedsecuritytechnologyis,itwillultimatelybedeployedinanenvironmentwherethehumanelementmaybeitsgreatestweakness.
Attackersknowthatemployeesarefrequentlyverybusyanddon’tstoptothinkaboutsecurity.Theymayattempttoexploitthisworkcharacteristicthroughpiggybackingorshouldersurfing.
Recognizemethodsattackersmayusetogaininformationaboutanorganization
Formanyyearscomputerintrudershavereliedonusers’poorselectionofpasswordstohelptheintrudersintheirattemptstogainunauthorizedaccesstoasystemornetwork.
Onecommonwaytofindusefulinformation(iftheattackerisinthevicinityofthetarget,suchasacompanyoffice)istogothroughthetarget’strashlookingforbitsofinformationthatcouldbeusefultoapenetrationattempt.
Determinewaysinwhichuserscanaidinsteadofdetractfromsecurity
Aninterestingparadoxofsocialengineeringattacksisthatpeoplearenotonlythebiggestproblemandsecurityriskbutalsothebestlineofdefenseagainstasocialengineeringattack.
Asignificantportionofemployee-createdsecurityproblemsarisefrompoorsecuritypractices.
Usersshouldalwaysbeonthewatchforattemptsbyindividualstogaininformationabouttheorganizationandshouldreportsuspiciousactivitytotheiremployer.
Recognizetheroletrainingandawarenessplaysinassistingthepeoplesideofsecurity
Individualuserscanenhancesecurityofasystemthroughproperexecutionoftheirindividualactionsandresponsibilities.
Trainingandawarenessprogramscanreinforceuserknowledgeof
desiredactions.
KeyTermsbackdoor(82)dumpsterdiving(81)phishing(75)piggybacking(80)reversesocialengineering(77)shouldersurfing(76)socialengineering(73)SPAM(76)tailgating(80)vishing(76)
KeyTermsQuizUsetermsfromtheKeyTermslisttocompletethesentencesthatfollow.Don’tusethesametermmorethanonce.Notalltermswillbeused.
1.A_______________isanavenuethatcanbeusedtoaccessasystemwhilecircumventingnormalsecuritymechanisms.
2._______________isaprocedureinwhichattackerspositionthemselvesinsuchawayastobeabletoobserveanauthorizeduserenteringthecorrectaccesscode.
3.Theprocessofgoingthroughatarget’strashsearchingforinformationthatcanbeusedinanattack,ortogainknowledgeaboutasystemornetwork,isknownas_______________.
4._______________isthesimpletacticoffollowingcloselybehindapersonwhohasjustusedtheiraccesscardorPINtogainphysicalaccesstoaroomorbuilding.
5.In_______________,theattackerhopestoconvincethetargettoinitiatecontact.
6._______________isavariationof_______________thatusesvoicecommunicationtechnologytoobtaintheinformationtheattackerisseeking.
Multiple-ChoiceQuiz1.Whichofthefollowingisconsideredagoodpracticeforpassword
security?
A.Usingacombinationofupper-andlowercasecharacters,anumber,andaspecialcharacterinthepassworditself
B.Notwritingthepassworddown
C.Changingthepasswordonaregularbasis
D.Alloftheabove
2.Thepassworddilemmareferstothefactthat:A.Passwordsthatareeasyforuserstorememberarealsoeasyfor
attackerstoguess.
B.Themoredifficultwemakeitforattackerstoguessourpasswords,andthemorefrequentlyweforcepasswordchanges,themoredifficultthepasswordsareforauthorizeduserstorememberandthemorelikelytheyaretowritethemdown.
C.Userswillinvariablyattempttoselectpasswordsthatarewordstheycanremember.Thismeanstheymayselectthingscloselyassociatedwiththem,suchastheirspouse’sorchild’sname,abelovedsportsteam,orafavoritemodelofcar.
D.Passwordsassignedbyadministratorsareusuallybetterand
moresecure,butareoftenharderforuserstoremember.
3.ThesimpletacticoffollowingcloselybehindapersonwhohasjustusedtheirownaccesscardorPINtogainphysicalaccesstoaroomorbuildingiscalled:
A.Shouldersurfing
B.Tagging-along
C.Piggybacking
D.Accessdrafting
4.Theprocessofgoingthroughatarget’strashinhopesoffindingvaluableinformationthatmightbeusedinapenetrationattemptisknownas:
A.Dumpsterdiving
B.Trashtrolling
C.Garbagegathering
D.Refuserolling
5.Whichofthefollowingisatypeofsocialengineeringattackinwhichanattackerattemptstoobtainsensitiveinformationfromauserbymasqueradingasatrustedentityinane-mail?
A.SPAM
B.SPIM
C.Phishing
D.Vishing
6.Reversesocialengineeringinvolves:A.Contactingthetarget,elicitingsomesensitiveinformation,and
convincingthemthatnothingoutoftheordinaryhasoccurred
B.Contactingthetargetinanattempttoobtaininformationthatcanbeusedinasecondattemptwithadifferentindividual
C.Anindividuallowerinthechainofcommandconvincingsomebodyatahigherleveltodivulgeinformationthattheattackerisnotauthorizedtohave
D.Anattackerattemptingtosomehowconvincethetargettoinitiatecontactinordertoavoidquestionsaboutauthenticity
7.Thereasonfornotallowinguserstoinstallnewhardwareorsoftwarewithouttheknowledgeofsecurityadministratorsis:
A.Theymaynotcompletetheinstallationcorrectlyandtheadministratorwillhavetodomorework,takingthemawayfrommoreimportantsecuritytasks.
B.Theymayinadvertentlyinstallmorethanjustthehardwareorsoftware;theymayaccidentallyinstallabackdoorintothenetwork.
C.Theymaynothavepaidforitandthusmaybeexposingtheorganizationtocivilpenalties.
D.Unauthorizedhardwareandsoftwareareusuallyforleisurepurposesandwilldistractemployeesfromthejobtheywerehiredtoperform.
8.Onceanorganization’ssecuritypolicieshavebeenestablished,thesinglemosteffectivemethodofcounteringpotentialsocialengineeringattacksis:
A.Anactivesecurityawarenessprogram
B.Aseparatephysicalaccesscontrolmechanismforeachdepartmentintheorganization
C.Frequenttestingofboththeorganization’sphysicalsecurityproceduresandemployeetelephonepractices
D.Implementingaccesscontrolcardsandthewearingofsecurityidentificationbadges
9.Whichofthefollowingtypesofattacksutilizesinstantmessagingservices?
A.SPAM
B.SPIM
C.Phishing
D.Vishing
10.InwhatwayarePINssimilartopasswords?A.UserswillnormallypickaPINthatiseasytoremember,such
asadateorspecificpattern.
B.AttackersknowcommonPINsandwilltrytousethemorwillattempttolearnmoreabouttheuserinordertomakeaneducatedguessastowhattheirPINmightbe.
C.Usersmaywritethemdowntorememberthem.
D.Alloftheabovearetrue.
EssayQuiz1.Explainthedifferencebetweensocialengineeringandreversesocial
engineering.
2.Discusshowasecurity-relatedhoaxmightbecomeasecurityissue.3.Howmightshouldersurfingbeathreatinyourschoolorwork
environment?Whatcanbedonetomakethissortofactivitymoredifficult?
4.Foranenvironmentfamiliartoyou(suchasworkorschool),describethedifferentnon-employeeswhomayhaveaccessto
facilitiesthatcouldcontainsensitiveinformation.
5.Describesomeoftheusersecurityresponsibilitiesthatyoufeelaremostimportantforuserstoremember.
LabProjects
•LabProject4.1Ifpossibleateitheryourplaceofemploymentoryourschool,attempttodeterminehoweasyitwouldbetoperformdumpsterdivingtogainaccesstoinformationatthesite.Aretrashreceptacleseasytogainaccessto?Aredocumentsshreddedbeforebeingdiscarded?Areareaswheretrashisstoredeasilyaccessible?
•LabProject4.2PerformasearchontheWebforarticlesandstoriesaboutsocialengineeringattacksorreversesocialengineeringattacks.Chooseandreadfiveorsixarticles.Howmanyoftheattacksweresuccessful?Howmanyfailedandwhy?Howcouldthosethatmayhaveinitiallysucceededbeenprevented?
•LabProject4.3SimilartoLabProject4.2,performasearchontheWebforarticlesandstoriesaboutphishingattacks.Chooseandreadfiveorsixarticles.Howmanyoftheattacksweresuccessful?Howmanyfailedandwhy?Howmightthesuccessfulattackshavebeenmitigatedorsuccessfullyaccomplished?
chapter5 Cryptography
Ifyouaredesigningcryptosystems,you’vegottothinkaboutlong-termapplications.You’vegottotrytofigureouthowtobuildsomethingthatissecureagainsttechnologyinthenextcentury
C
thatyoucannotevenimagine.
—WHITFIELDDIFFIE
Inthischapter,youwilllearnhowto
Understandthefundamentalsofcryptography
Identifyanddescribethethreetypesofcryptography
Listanddescribecurrentcryptographicalgorithms
Explainhowcryptographyisappliedforsecurity
ryptographyisthescienceofencrypting,orhiding,information—somethingpeoplehavesoughttodosincetheybeganusinglanguage.Althoughlanguageallowedpeopletocommunicatewithoneanother,
thoseinpowerattemptedtohideinformationbycontrollingwhowastaughttoreadandwrite.Eventually,morecomplicatedmethodsofconcealinginformationbyshiftinglettersaroundtomakethetextunreadableweredeveloped.Thesecomplicatedmethodsarecryptographicalgorithms,alsoknownasciphers.ThewordciphercomesfromtheArabicwordsifr,meaningemptyorzero.Whenmaterial,calledplaintext,needstobeprotectedfrom
unauthorizedinterceptionoralteration,itisencryptedintociphertext.Thisisdoneusinganalgorithmandakey,andtheriseofdigitalcomputershasprovidedawidearrayofalgorithmsandincreasinglycomplexkeys.Thechoiceofspecificalgorithmdependsonseveralfactors,andtheywillbeexaminedinthischapter.Cryptanalysis,theprocessofanalyzingavailableinformationinan
attempttoreturntheencryptedmessagetoitsoriginalform,requiredadvancesincomputertechnologyforcomplexencryptionmethods.Thebirthofthecomputermadeitpossibletoeasilyexecutethecalculationsrequiredbymorecomplexencryptionalgorithms.Today,thecomputeralmostexclusivelypowershowencryptionisperformed.Computertechnologyhasalsoaidedcryptanalysis,allowingnewmethodstobe
developed,suchaslinearanddifferentialcryptanalysis.Differentialcryptanalysisisdonebycomparingtheinputplaintexttotheoutputciphertexttotryanddeterminethekeyusedtoencrypttheinformation.Linearcryptanalysisissimilarinthatitusesbothplaintextandciphertext,butitputstheplaintextthroughasimplifiedciphertotryanddeducewhatthekeyislikelytobeinthefullversionofthecipher.
CryptographyinPracticeWhilecryptographymaybeascience,itperformscriticalfunctionsintheenablingoftrustacrosscomputernetworksinbusinessandotherfunctions.Beforewedigdeepintothetechnicalnatureofcryptographicpractices,anoverviewofcurrentcapabilitiesisuseful.Examiningcryptographyfromahighlevel,thereareseveralrelevantpointstoday.Cryptographyhasbeenalong-runningeventofadvancesbothonthe
sideofcryptographyandthesideofbreakingitviaanalysis.Withtheadventofdigitalcryptography,theadvantagehasclearlyswungtothesideofcryptography.Moderncomputershavealsoincreasedtheneedfor,andloweredthecostofemploying,cryptographytosecureinformation.Inthepast,theeffectivenessrestedinthesecrecyofthealgorithm,butwithmoderndigitalcryptography,thestrengthisbasedonsheercomplexity.Thepowerofnetworksandmodernalgorithmshasalsobeenemployedtomanageautomatickeymanagement.
Cryptographyismuchmorethanencryption.Cryptographicmethodsenabledataprotection,datahiding,integritychecks,nonrepudiationservices,policyenforcement,keymanagementandexchange,andmanymoreelementsusedinmoderncomputing.IfyouusedtheWebtoday,oddsareyouusedcryptographywithoutevenknowingit.
Cryptographyhasmanyusesbesidesjustenablingconfidentialityincommunicationchannels.Cryptographicfunctionsareusedinawide
rangeofapplications,including,butnotlimitedto,hidingdata,resistingforgery,resistingunauthorizedchange,resistingrepudiation,policyenforcement,andkeyexchanges.Inspiteofthestrengthsofmoderncryptography,itstillfailsduetootherissues;knownplaintextattacks,poorlyprotectedkeys,andrepeatedpassphrasesareexamplesofhowstrongcryptographyisrenderedweakviaimplementationmistakes.Moderncryptographicalgorithmsarefarstrongerthanneededgiventhe
stateofcryptanalysis.Theweaknessesincryptosystemscomefromthesystemsurroundingthealgorithm,implementation,andoperationalizationdetails.AdiShamir,theSinRSA,statesitclearly:“Attackersdonotbreakcrypto;theybypassit.”Overtime,weaknessesanderrors,aswellasshortcuts,arefoundin
algorithms.Whenanalgorithmisreportedasbroken,theterm“broken”canhavemanymeanings.Thiscouldmeanthatthealgorithmisofnofurtheruse,oritcouldmeanthatithasweaknessesthatmaysomedaybeemployedtobreakit,oranythingbetweentheseextremes.Asallmethodscanbebrokenwithbruteforce,onequestionishowmucheffortisrequired,atwhatcost,whencomparedtothevalueoftheassetunderprotection.Whenexaminingthestrengthofacryptosystem,itisworthexamining
thefollowingtypesoflevelsofprotection:
1.Themechanismisnolongerusefulforanypurpose.2.Thecostofrecoveringthecleartextwithoutbenefitofthekeyhasfallentoalowlevel.
3.Thecosthasfallentoequaltoorlessthanthevalueofthedataorthenextleastcostattack.
4.Thecosthasfallentowithinseveralordersofmagnitudesofthecostofencryptionorthevalueofthedata.
5.Theelapsedtimeofattackhasfallentowithinmagnitudesofthelifeofthedata,regardlessofthecostthereof.
6.Thecosthasfallentolessthanthecostofabrute-forceattackagainstthekey.
7.Someonehasrecoveredonekeyoronemessage.
Thislistofconditionsisadescendinglistofrisks/benefits.Conditions6and7areregularoccurrencesincryptographicsystems,andgenerallynotworthworryingaboutatall.Infact,itisnotuntilthefourthpointthatonehastohaverealconcerns.Withallthissaid,mostorganizationsconsiderreplacementbetween5and6.Ifanyofthefirstthreearepositive,theorganizationseriouslyneedstoconsiderchangingtheircryptographicmethods.
FundamentalMethodsModerncryptographicoperationsareperformedusingbothanalgorithmandakey.Thechoiceofalgorithmdependsonthetypeofcryptographicoperationthatisdesired.Thesubsequentchoiceofkeyisthentiedtothespecificalgorithm.Cryptographicoperationsincludeencryption(fortheprotectionofconfidentiality),hashing(fortheprotectionofintegrity),digitalsignatures(tomanagenonrepudiation),andabevyofspecialtyoperationssuchaskeyexchanges.Themethodsusedtoencryptinformationarebasedontwoseparate
operations,substitutionandtransposition.Substitutionisthereplacementofanitemwithadifferentitem.Transpositionisthechangingoftheorderofitems.PigLatin,achild’scipher,employsbothoperationsinsimplisticformandisthuseasytodecipher.Theseoperationscanbedoneonwords,characters,and,inthedigitalworld,bits.Whatmakesasystemsecureisthecomplexityofthechangesemployed.Tomakeasystemreversible(soyoucanreliablydecryptit),thereneedstobeabasisforthepatternofchanges.Historicalciphersusedrelativelysimplepatterns,andonesthatrequiredsignificantknowledge(atthetime)tobreak.Moderncryptographyisbuiltaroundcomplexmathematicalfunctions.
Thesefunctionshavespecificpropertiesthatmakethemresistantto
reversingorsolvingbymeansotherthantheapplicationofthealgorithmandkey.
Assuranceisaspecificterminsecuritythatmeansthatsomethingisnotonlytruebutcanbeproventobesotosomespecificlevelofcertainty.
Whilethemathematicalspecificsoftheseoperationscanbeverycomplexandarebeyondthescopeofthislevelofmaterial,theknowledgetoproperlyemploythemisnot.Cryptographicoperationsarecharacterizedbythequantityandtypeofdata,aswellasthelevelandtypeofprotectionsought.Integrityprotectionoperationsarecharacterizedbythelevelofassurancedesired.Datacanbecharacterizedbyitsstate:dataintransit,dataatrest,ordatainuse.Itisalsocharacterizedinhowitisused,eitherinblockformorstreamform.
ComparativeStrengthsandPerformanceofAlgorithmsThereareseveralfactorsthatplayaroleindeterminingthestrengthofacryptographicalgorithm.Firstandmostobviousisthesizeofthekeyandtheresultingkeyspace.Thekeyspaceisdefinedasasetofeverypossiblekeyvalue.Onemethodofattackistosimplytryallofthepossiblekeysinabrute-forceattack.Theotherfactorisreferredtoasworkfactor,whichisasubjectivemeasurementofthetimeandeffortneededtoperformoperations.Iftheworkfactorislow,thentherateatwhichkeyscanbetestedishigh,meaningthatlargerkeyspacesareneeded.Workfactoralsoplaysaroleinprotectingsystemssuchaspasswordhashes,wherehavingahigherworkfactorcanbepartofthesecuritymechanism.
TechTip
KeyspaceComparisonsBecausethekeyspaceisanumericvalue,itisveryimportanttoensurethatcomparisonsaredoneusingsimilarkeytypes.Comparingakeymadeof1bit(2possiblevalues)andakeymadeof1letter(26possiblevalues)wouldnotyieldaccurateresults.Fortunately,thewidespreaduseofcomputershasmadealmostallalgorithmsstatetheirkeyspacevaluesintermsofbits.
Alargerkeyspaceallowstheuseofkeysofgreatercomplexity,andthereforemoresecurity,assumingthealgorithmiswelldesigned.Itiseasytoseehowkeycomplexityaffectsanalgorithmwhenyoulookatsomeoftheencryptionalgorithmsthathavebeenbroken.TheDataEncryptionStandard(DES)usesa56-bitkey,allowing72,000,000,000,000,000possiblevalues,butithasbeenbrokenbymoderncomputers.ThemodernimplementationofDES,TripleDES(3DES),usesthree56-bitkeys,foratotalkeylengthof168bits(althoughfortechnicalreasonstheeffectivekeylengthis112bits),or340,000,000,000,000,000,000,000,000,000,000,000,000possiblevalues.Whenanalgorithmlistsacertainnumberofbitsasakey,itisdefining
thekeyspace.Somealgorithmshavekeylengthsof8192bitsormore,resultinginverylargekeyspaces,evenbydigitalcomputerstandards.Moderncomputershavealsochallengedworkfactorelementsas
algorithmscanberenderedveryquicklybyspecializedhardwaresuchashigh-endgraphicchips.Todefeatthis,manyalgorithmshaverepeatedcyclestoaddtotheworkandreducetheabilitytoparallelizeoperationsinsideprocessorchips.Thisisdonetoincreasetheinefficiencyofacalculation,butinamannerthatstillresultsinsuitableperformancewhengiventhekeyandstillcomplicatesmatterswhendoneinabrute-forcemannerwithallkeys.
HistoricalPerspectives
Cryptographyisasoldassecrets.Humanshavebeendesigningsecretcommunicationsystemsforaslongthey’veneededtokeepcommunicationprivate.TheSpartansofancientGreecewouldwriteonaribbonwrappedaroundacylinderwithaspecificdiameter(calledascytale).Whentheribbonwasunwrapped,itrevealedastrangestringofletters.Themessagecouldbereadonlywhentheribbonwaswrappedaroundthesamediametercylinder.Thisisanexampleofatranspositioncipher,wherethesamelettersareusedbuttheorderischanged.Inalltheseciphersystems,theunencryptedinputtextisknownasplaintextandtheencryptedoutputisknownasciphertext.
SubstitutionCiphersTheRomanstypicallyusedadifferentmethodknownasashiftcipher.Inthiscase,oneletterofthealphabetisshiftedasetnumberofplacesinthealphabetforanotherletter.Acommonmodern-dayexampleofthisistheROT13cipher,inwhicheveryletterisrotated13positionsinthealphabet:niswritteninsteadofa,oinsteadofb,andsoon.Thesetypesofciphersarecommonlyencodedonanalphabetwheel,asshowninFigure5.1.
•Figure5.1Anyshiftciphercaneasilybeencodedanddecodedonawheeloftwopiecesofpaperwiththealphabetsetasaring;bymovingonecirclethespecifiednumberintheshift,youcantranslatethecharacters.
Theseciphersweresimpletouseandalsosimpletobreak.Becausehidinginformationwasstillimportant,moreadvancedtranspositionandsubstitutioncipherswererequired.Assystemsandtechnologybecamemorecomplex,cipherswerefrequentlyautomatedbysomemechanicalorelectromechanicaldevice.AfamousexampleofarelativelymodernencryptionmachineistheGermanEnigmamachinefromWorldWarII(seeFigure5.2).Thismachineusedacomplexseriesofsubstitutionstoperformencryption,andinterestinglyenoughitgaverisetoextensiveresearchincomputers.
•Figure5.2OneofthesurvivingGermanEnigmamachines
Caesar’scipherusesanalgorithmandakey:thealgorithmspecifiesthatyouoffsetthealphabeteithertotheright(forward)ortotheleft(backward),andthekeyspecifieshowmanyletterstheoffsetshouldbe.Forexample,ifthealgorithmspecifiesoffsettingthealphabettotheright,
andthekeyis3,theciphersubstitutesanalphabeticletterthreetotherightfortherealletter,sodisusedtorepresenta,frepresentsc,andsoon.Inthisexample,boththealgorithmandkeyaresimple,allowingforeasycryptanalysisofthecipherandeasyrecoveryoftheplaintextmessage.Theeasewithwhichshiftcipherswerebrokenledtothedevelopmentof
substitutionciphers,whichwerepopularinElizabethanEngland(roughlythesecondhalfofthe16thcentury)andmorecomplexthanshiftciphers.Substitutionciphersworkontheprincipleofsubstitutingadifferentletterforeveryletter:abecomesg,bbecomesd,andsoon.Thissystempermits26possiblevaluesforeveryletterinthemessage,makingtheciphermanytimesmorecomplexthanastandardshiftcipher.Simpleanalysisoftheciphercouldbeperformedtoretrievethekey,however.Bylookingforcommonletterssuchaseandpatternsfoundinwordssuchasing,youcandeterminewhichcipherlettercorrespondstowhichplaintextletter.Theexaminationofciphertextforfrequentlettersisknownasfrequencyanalysis.Makingeducatedguessesaboutwordswilleventuallyallowyoutodeterminethesystem’skeyvalue(seeFigure5.3).
•Figure5.3Makingeducatedguessesismuchlikeplayinghangman—correctguessescanleadtomoreorallofthekeybeingrevealed.
Tocorrectthisproblem,morecomplexityhadtobeaddedtothesystem.TheVigenèrecipherworksasapolyalphabeticsubstitutioncipherthatdependsonapassword.Thisisdonebysettingupasubstitutiontablelikethisone:
Thenthepasswordismatcheduptothetextitismeanttoencipher.Ifthepasswordisnotlongenough,thepasswordisrepeateduntilonecharacterofthepasswordismatchedupwitheachcharacteroftheplaintext.Forexample,iftheplaintextisSampleMessageandthepasswordispassword,theresultingmatchis
SAMPLEMESSAGEPASSWORDPASSW
Thecipherletterisdeterminedbyuseofthegrid,matchingtheplaintextcharacter’srowwiththepasswordcharacter’scolumn,resultinginasingleciphertextcharacterwherethetwomeet.ConsiderthefirstlettersSandP:whenpluggedintothegridtheyoutputaciphertextcharacterofH.Thisprocessisrepeatedforeveryletterofthemessage.Oncetherestofthelettersareprocessed,theoutputisHAEHHSDHHSSYA.Inthisexample,thekeyintheencryptionsystemisthepassword.The
examplealsoillustratesthatanalgorithmcanbesimpleandstillprovide
strongsecurity.Ifsomeoneknowsaboutthetable,theycandeterminehowtheencryptionwasperformed,buttheystillwillnotknowthekeytodecryptingthemessage.Themorecomplexthekey,thegreaterthesecurityofthesystem.The
Vigenèreciphersystemandsystemslikeitmakethealgorithmsrathersimplebutthekeyrathercomplex,withthebestkeyscomprisingverylongandveryrandomdata.Keycomplexityisachievedbygivingthekeyalargenumberofpossiblevalues.
TryThis!VigenèreCipherMakeasimplemessagethat’sabouttwosentenceslong,andthenchoosetwopasswords,onethat’sshortandonethat’slong.Then,usingthesubstitutiontablepresentedinthissection,performsimpleencryptiononthemessage.Comparethetwociphertexts;sinceyouhavetheplaintextandtheciphertext,youshouldbeabletoseeapatternofmatchingcharacters.Knowingthealgorithmused,seeifyoucandeterminethekeyusedtoencryptthemessage.
One-timePadsOne-timepadsareaninterestingformofencryptioninthattheytheoreticallyareperfectandunbreakable.Thekeyisthesamesizeorlargerthanthematerialbeingencrypted.TheplaintextisXOR’edagainstthekeyproducingtheciphertext.Whatmakestheone-timepad“perfect”isthesizeofthekey.Ifyouuseakeyspacefullofkeys,youwilldecrypteverypossiblemessageofthesamelengthastheoriginal,withnowaytodiscriminatewhichoneiscorrect.Thismakesaone-timepadunabletobebrokenbyevenbrute-forcemethods,providedthatthekeyisnotreused.Thismakesaone-timepadlessthanpracticalforanymassuse.
One-timepadsareexamplesofperfectciphersfromamathematicalpointofview.Butwhenput
intopractice,theimplementationcreatesweaknessesthatresultinlessthanperfectsecurity.Thisisanimportantreminderthatperfectciphersfromamathematicalpointofviewdonotcreateperfectsecurityinpracticebecauseofthelimitationsassociatedwithimplementation.
AlgorithmsEverycurrentencryptionschemeisbaseduponanalgorithm,astep-by-step,recursivecomputationalprocedureforsolvingaprobleminafinitenumberofsteps.Thecryptographicalgorithm—whatiscommonlycalledtheencryptionalgorithmorcipher—ismadeupofmathematicalstepsforencryptinganddecryptinginformation.Thefollowingillustrationshowsadiagramoftheencryptionanddecryptionprocessanditsparts.Therearethreetypesofencryptionalgorithmscommonlyused:hashing,symmetric,andasymmetric.Hashingisaveryspecialtypeofencryptionalgorithmthattakesaninputandmathematicallyreducesittoauniquenumberknownasahash,whichisnotreversible.Symmetricalgorithmsarealsoknownassharedsecretalgorithms,asthesamekeyisusedforencryptionanddecryption.Finally,asymmetricalgorithmsuseaverydifferentprocessemployingtwokeys,apublickeyandaprivatekey,makingupwhatisknownasakeypair.
Thebestalgorithmsarealwayspublicalgorithmsthathavebeenpublishedforpeerreviewbyothercryptographicandmathematicalexperts.Publicationisimportant,asanyflawsinthesystemcanbe
revealedbyothersbeforeactualuseofthesystem.Thisprocessgreatlyencouragestheuseofproventechnologies.Severalproprietaryalgorithmshavebeenreverse-engineered,exposingtheconfidentialdatathealgorithmstrytoprotect.ExamplesofthisincludethedecryptionofNikon’sproprietaryRAWformat,white-balanceencryption,andthecrackingoftheExxonMobilSpeedpassRFIDencryption.Theuseofaproprietarysystemcanactuallybelesssecurethanusingapublishedsystem.Whereasproprietarysystemsarenotmadeavailabletobetestedbypotentialcrackers,publicsystemsaremadepublicforpreciselythispurpose.
Oneofthemostcommoncryptographicfailuresisthecreationofyourownencryptionscheme.Rollingyourowncryptography,whetherincreatingalgorithmsorimplementationofexistingalgorithmsyourself,isarecipeforfailure.Alwaysuseapprovedalgorithmsandalwaysuseapprovedcryptolibrariestoimplement.
Asystemthatmaintainsitssecurityafterpublictestingcanbereasonablytrustedtobesecure.Apublicalgorithmcanbemoresecurebecausegoodsystemsrelyontheencryptionkeytoprovidesecurity,notthealgorithmitself.Theactualstepsforencryptingdatacanbepublished,becausewithoutthekey,theprotectedinformationcannotbeaccessed(seeFigure5.4).
•Figure5.4Whileeveryoneknowshowtouseaknobtoopenadoor,withoutthekeytounlocktheknob,thatknowledgeisuseless.
Akeyisaspecialpieceofdatausedinboththeencryptionanddecryptionprocesses.Thealgorithmsstaythesameineveryimplementation,butadifferentkeyisusedforeach,whichensuresthatevenifsomeoneknowsthealgorithmyouusetoprotectyourdata,hecannotbreakyoursecurity.
TechTip
XORApopularfunctionincryptographyiseXclusiveOR(XOR),whichisabitwisefunctionappliedtodata.WhenyouapplyakeytodatausingXOR,thenasecondapplicationundoesthefirstoperation.Thismakesforspeedyencryption/decryption,butmakesthesystemtotallydependentuponthesecrecyofthekey.Ahard-codedkeyinaprogramwillbediscovered,makingthisaweaksecuritymechanisminmostcases.
Comparingthestrengthoftwodifferentalgorithmscanbemathematicallyverychallenging;fortunatelyforthelayperson,thereisaroughguide.Mostcurrentalgorithmsarelistedwiththeirkeysizeinbits.Unlessaspecificalgorithmhasbeenshowntobeflawed,ingeneral,thegreaternumberofbitswillyieldamoresecuresystem.Thisworkswellforagivenalgorithm,butismeaninglesstocomparedifferentalgorithms.Thegoodnewsisthatmostmoderncryptographyismorethanstrongenoughforallbuttechnicaluses,andforthoseusesexpertscandetermineappropriatealgorithmsandkeylengthstoprovidethenecessaryprotections.
TechTip
Man-in-the-MiddleAttackAman-in-the-middleattackisdesignedtodefeatproperkeyexchangebyinterceptingtheremoteparty’skeyandreplacingitwiththeattacker’skeyinbothdirections.Ifdoneproperly,onlytheattackerknowsthattheencryptedtrafficisnotsecureandtheencryptedtrafficcanbereadbytheattacker.
KeyManagementBecausethesecurityofthealgorithmsreliesonthekey,keymanagementisofcriticalconcern.Keymanagementincludesanythinghavingtodowiththeexchange,storage,safeguarding,andrevocationofkeys.Itismostcommonlyassociatedwithasymmetricencryption,sinceasymmetricencryptionusesbothpublicandprivatekeys.Tobeusedproperlyfor
authentication,akeymustbecurrentandverified.Ifyouhaveanoldorcompromisedkey,youneedawaytochecktoseethatthekeyhasbeenrevoked.Keymanagementisalsoimportantforsymmetricencryption,because
symmetricencryptionreliesonbothpartieshavingthesamekeyforthealgorithmtowork.Sincethesepartiesareusuallyphysicallyseparate,keymanagementiscriticaltoensurekeysaresharedandexchangedeasily.Theymustalsobesecurelystoredtoprovideappropriateconfidentialityoftheencryptedinformation.Therearemanydifferentapproachestosecurestorageofkeys,suchasputtingthemonaUSBflashdriveorsmartcard.Whilekeyscanbestoredinmanydifferentways,newPChardwareoftenincludestheTrustedPlatformModule(TPM),whichprovidesahardware-basedkeystoragelocationthatisusedbymanyapplications.(MorespecificinformationaboutthemanagementofkeysisprovidedlaterinthischapterandinChapter6.)
RandomNumbersManydigitalcryptographicalgorithmshaveaneedforarandomnumbertoactasaseedandprovidetruerandomness.Oneofthestrengthsofcomputersisthattheycandoataskoverandoveragainintheexactsamemanner—nonoiseorrandomness.Thisisgreatformosttasks,butingeneratingarandomsequenceofvalues,itpresentschallenges.Softwarelibrarieshavepseudo-randomgenerators,functionsthatproduceaseriesofnumbersthatstatisticallyappearrandom.Buttheserandomnumbergeneratorsaredeterministicinthat,giventhesequence,youcancalculatefuturevalues.Thismakestheminappropriateforuseincryptographicsituations.Theleveloramountofrandomnessisreferredtoasentropy.Entropyis
themeasureofuncertaintyassociatedwithaseriesofvalues.Perfectentropyequatestocompleterandomness,suchthatgivenanystringofbits,thereisnocomputationtoimproveguessingthenextbitinthesequence.Asimple“measure”ofentropyisinbits,wherethebitsarethepowerof2
thatrepresentsthenumberofchoices.Soifthereare2048options,thenthiswouldrepresent11bitsofentropy.Inthisfashion,onecancalculatetheentropyofpasswordsandmeasurehow“hardtheyaretoguess.”
TechTip
RandomnessIssuesTheimportanceofproperrandomnumbergenerationincryptosystemscannotbeunderestimated.RecentreportsbytheGuardianandtheNewYorkTimesassertthattheU.S.NationalSecurityAgency(NSA)hasputabackdoorintotheCryptographicallySecureRandomNumberGenerator(CSPRNG)algorithmsdescribedinNISTSP800-90A,particularlytheDual_EC_DRBGalgorithm.FurtherallegationsarethattheNSApaidRSA$10milliontousetheresultingstandardinitsproductline.
Toresolvetheproblemofappropriaterandomness,therearesystemstocreatecryptographicrandomnumbers.Thelevelofcomplexityofthesystemisdependentuponthelevelofpurerandomnessneeded.Forsomefunctions,suchasmasterkeys,theonlytruesolutionisahardware-basedrandomnumbergeneratorthatcanusephysicalpropertiestoderiveentropy.Inother,lessdemandingcases,acryptographiclibrarycallcanprovidethenecessaryentropy.Whilethetheoreticalstrengthofthecryptosystemdependsonthealgorithm,thestrengthoftheimplementationinpracticecandependonissuessuchasthekey.Thisisaveryimportantissueandmistakesmadeinimplementationcaninvalidateeventhestrongestalgorithmsinpractice.
HashingFunctionsHashingfunctionsarecommonlyusedencryptionmethods.Ahashingfunctionorhashfunctionisaspecialmathematicalfunctionthatperformsaone-wayfunction,whichmeansthatoncethealgorithmisprocessed,thereisnofeasiblewaytousetheciphertexttoretrievetheplaintextthatwasusedtogenerateit.Also,ideally,thereisnofeasiblewaytogenerate
twodifferentplaintextsthatcomputetothesamehashvalue.Thehashvalueistheoutputofthehashingalgorithmforaspecificinput.Theillustrationshowstheone-waynatureofthesefunctions.
Commonusesofhashingalgorithmsaretostorecomputerpasswordsandtoensuremessageintegrity.Theideaisthathashingcanproduceauniquevaluethatcorrespondstothedataentered,butthehashvalueisalsoreproduciblebyanyoneelserunningthesamealgorithmagainstthesamedata.Soyoucouldhashamessagetogetamessageauthenticationcode(MAC),andthecomputationalnumberofthemessagewouldshowthatnointermediaryhasmodifiedthemessage.Thisprocessworksbecausehashingalgorithmsaretypicallypublic,andanyonecanhashdatausingthespecifiedalgorithm.Itiscomputationallysimpletogeneratethehash,soitissimpletocheckthevalidityorintegrityofsomethingbymatchingthegivenhashtoonethatislocallygenerated.Severalprogramscancomputehashvaluesforaninputfile,asshowninFigure5.5.Hash-basedMessageAuthenticationCode(HMAC)isaspecialsubsetofhashingtechnology.ItisahashalgorithmappliedtoamessagetomakeaMAC,butitisdonewithapreviouslysharedsecret.SotheHMACcanprovideintegritysimultaneouslywithauthentication.HMAC-MD5isusedintheNTLANManagerversion2challenge/responseprotocol.
•Figure5.5Thereareseveralprogramsavailablethatwillacceptan
inputandproduceahashvalue,lettingyouindependentlyverifytheintegrityofdownloadedcontent.
Ahashalgorithmcanbecompromisedwithwhatiscalledacollisionattack,inwhichanattackerfindstwodifferentmessagesthathashtothesamevalue.Thistypeofattackisverydifficultandrequiresgeneratingaseparatealgorithmthatattemptstofindatextthatwillhashtothesamevalueofaknownhash.Thismustoccurfasterthansimplyeditingcharactersuntilyouhashtothesamevalue,whichisabrute-forcetypeattack.Theconsequenceofahashfunctionthatsuffersfromcollisionsisalossofintegrity.Ifanattackercanmaketwodifferentinputspurposefullyhashtothesamevalue,shemighttrickpeopleintorunningmaliciouscodeandcauseotherproblems.PopularhashalgorithmsaretheSecureHashAlgorithm(SHA)series,theRIPEMDalgorithms,andtheMessageDigest(MD)hashofvaryingversions(MD2,MD4,MD5).Becauseofweaknesses,andcollisionattackvulnerabilities,manyhashfunctionsarenowconsideredtobeinsecure,includingMD2,MD4,MD5,andSHA-1series.
TechTip
HashingAlgorithmsThehashingalgorithmsincommonuseareMD2,MD4,andMD5,andSHA-1,SHA-256,SHA-384,andSHA-512.Becauseofpotentialcollisions,MD2,MD4,MD5,andSHA-1havebeendeprecatedbymanygroups.Althoughnotconsideredsecure,theyarestillfoundinuse,atestamenttoslowadoptionofbettersecurity.
Hashingfunctionsareverycommonandplayanimportantroleinthewayinformation,suchaspasswords,isstoredsecurely,andthewayinwhichmessagescanbesigned.Bycomputingadigestofthemessage,lessdataneedstobesignedbythemorecomplexasymmetricencryption,andthisstillmaintainsassurancesaboutmessageintegrity.Thisistheprimarypurposeforwhichtheprotocolsweredesigned,andtheirsuccesswill
allowgreatertrustinelectronicprotocolsanddigitalsignatures.
SHASecureHashAlgorithm(SHA)referstoasetofhashalgorithmsdesignedandpublishedbytheNationalInstituteofStandardsandTechnology(NIST)andtheNationalSecurityAgency(NSA).ThesealgorithmsareincludedintheSHAstandardFederalInformationProcessingStandards(FIPS)180-2and180-3.TheindividualstandardsarenamedSHA-1,SHA-224,SHA-256,SHA-384,andSHA-512.ThelatterthreevariantsareoccasionallyreferredtocollectivelyasSHA-2.ThenewestversionisknownasSHA-3,whichisspecifiedinFIPS202.
SHA-1SHA-1,developedin1993,wasdesignedasthealgorithmtobeusedforsecurehashingintheU.S.DigitalSignatureStandard(DSS).ItismodeledontheMD4algorithmandimplementsfixesinthatalgorithmdiscoveredbytheNSA.Itcreatesmessagedigests160bitslongthatcanbeusedbytheDigitalSignatureAlgorithm(DSA),whichcanthencomputethesignatureofthemessage.Thisiscomputationallysimpler,asthemessagedigestistypicallymuchsmallerthantheactualmessage—smallermessage,lesswork.
TechTip
BlockModeinHashingMosthashalgorithmsuseblockmodetoprocess;thatis,theyprocessallinputinsetblocksofdatasuchas512-bitblocks.Thefinalhashistypicallygeneratedbyaddingtheoutputblockstogethertoformthefinaloutputstringof160or512bits.
SHA-1works,asdoallhashingfunctions,byapplyingacompressionfunctiontothedatainput.Itacceptsaninputofupto264bitsorlessand
thencompressesdowntoahashof160bits.SHA-1worksinblockmode,separatingthedataintowordsfirst,andthengroupingthewordsintoblocks.Thewordsare32-bitstringsconvertedtohex;groupedtogetheras16words,theymakeupa512-bitblock.IfthedatathatisinputtoSHA-1isnotamultipleof512,themessageispaddedwithzerosandanintegerdescribingtheoriginallengthofthemessage.Oncethemessagehasbeenformattedforprocessing,theactualhashcanbegenerated.The512-bitblocksaretakeninorderuntiltheentiremessagehasbeenprocessed.
Trytokeepattacksoncrypto-systemsinperspective.Whilethetheoryofattackinghashingthroughcollisionsissolid,findingacollisionstilltakesenormousamountsofeffort.InthecaseofattackingSHA-1,thecollisionisabletobefoundfasterthanapurebrute-forcemethod,butbymostestimateswillstilltakeseveralyears.
Atonetime,SHA-1wasoneofthemoresecurehashfunctions,butithasbeenfoundtobevulnerabletoacollisionattack.Thisattackfoundacollisionin269computations,lessthanthebrute-forcemethodof280computations.Whilethisisnotatremendouslypracticalattack,itdoessuggestaweakness.Thus,manysecurityprofessionalsaresuggestingthatimplementationsofSHA-1bemovedtooneoftheotherSHAversions.Theselongerversions,SHA-256,SHA-384,andSHA-512,allhavelongerhashresults,makingthemmoredifficulttoattacksuccessfully.TheaddedsecurityandresistancetoattackinSHA-2doesrequiremoreprocessingpowertocomputethehash.
SHA-2SHA-2isacollectivenameforSHA-224,SHA-256,SHA-384,andSHA-512.SHA-256issimilartoSHA-1inthatitalsoacceptsinputoflessthan264bitsandreducesthatinputtoahash.Thisalgorithmreducesto256bitsinsteadofSHA-1’s160.DefinedinFIPS180-2in2002,SHA-256islistedasanupdatetotheoriginalFIPS180thatdefinedSHA.SimilartoSHA-1,
SHA-256uses32-bitwordsand512-bitblocks.Paddingisaddeduntiltheentiremessageisamultipleof512.SHA-256usessixty-four32-bitwords,eightworkingvariables,andresultsinahashvalueofeight32-bitwords,hence256bits.SHA-224isatruncatedversionoftheSHA-256algorithmthatresultsina224-bithashvalue.TherearenoknowncollisionattacksagainstSHA-256;however,anattackonreduced-roundSHA-256ispossible.SHA-512isalsosimilartoSHA-1,butithandleslargersetsofdata.
SHA-512accepts2128bitsofinput,whichitpadsuntilithasseveralblocksofdatain1024-bitblocks.SHA-512alsouses64-bitwordsinsteadofSHA-1’s32-bitwords.Ituseseight64-bitwordstoproducethe512-bithashvalue.SHA-384isatruncatedversionofSHA-512thatusessix64-bitwordstoproducea384-bithash.WhileSHA-2isnotascommonasSHA-1,moreapplicationsare
startingtoutilizeitafterSHA-1wasshowntobepotentiallyvulnerabletoacollisionattack.
SHA-3SHA-3isthenamefortheSHA-2replacement.In2012,theKeccakhashfunctionwontheNISTcompetitionandwaschosenasthebasisfortheSHA-3method.BecausethealgorithmiscompletelydifferentfromthepreviousSHAseries,ithasprovedtobemoreresistanttoattacksthataresuccessfulagainstthem.AstheSHA-3seriesisrelativelynew,ithasnotbeenwidelyadoptedinmanyciphersuitesyet.
TheSHA-2andSHA-3seriesarecurrentlyapprovedforuse.SHA-1hasbeendeprecatedanditsusediscontinuedinmanystrongciphersuites.
RIPEMD
RACEIntegrityPrimitivesEvaluationMessageDigest(RIPEMD)isahashingfunctiondevelopedbytheRACEIntegrityPrimitivesEvaluation(RIPE)consortium.Itoriginallyprovideda128-bithashandwaslatershowntohaveproblemswithcollisions.RIPEMDwasstrengthenedtoa160-bithashknownasRIPEMD-160byHansDobbertin,AntoonBosselaers,andBartPreneel.Therearealso256-and320-bitversionsofthealgorithmknownasRIPEMD-256andRIPEMD-320.
RIPEMD-160RIPEMD-160isanalgorithmbasedonMD4,butitusestwoparallelchannelswithfiverounds.Theoutputconsistsoffive32-bitwordstomakea160-bithash.TherearealsolargeroutputextensionsoftheRIPEMD-160algorithm.Theseextensions,RIPEMD-256andRIPEMD-320,offeroutputsof256bitsand320bits,respectively.Whiletheseofferlargeroutputsizes,thisdoesnotmakethehashfunctioninherentlystronger.
MessageDigestMessageDigest(MD)isthegenericversionofoneofseveralalgorithmsthataredesignedtocreateamessagedigestorhashfromdatainputintothealgorithm.MDalgorithmsworkinthesamemannerasSHAinthattheyuseasecuremethodtocompressthefileandgenerateacomputedoutputofaspecifiednumberofbits.TheMDalgorithmswerealldevelopedbyRonaldL.RivestofMIT.
MD2MD2wasdevelopedin1989andisinsomewaysanearlyversionofthelaterMD5algorithm.Ittakesadatainputofanylengthandproducesahashoutputof128bits.ItisdifferentfromMD4andMD5inthatMD2isoptimizedfor8-bitmachines,whereastheothertwoareoptimizedfor32-bitmachines.Afterthefunctionhasbeenrunforevery16bytesofthe
message,theoutputresultisa128-bitdigest.TheonlyknownattackthatissuccessfulagainstMD2requiresthatthechecksumnotbeappendedtothemessagebeforethehashfunctionisrun.Withoutachecksum,thealgorithmcanbevulnerabletoacollisionattack.Somecollisionattacksarebaseduponthealgorithm’sinitializationvector(IV).
MD4MD4wasdevelopedin1990andisoptimizedfor32-bitcomputers.Itisafastalgorithm,butitissubjecttomoreattacksthanmoresecurealgorithmssuchasMD5.AnextendedversionofMD4computesthemessageinparallelandproducestwo128-bitoutputs—effectivelya256-bithash.Eventhoughalongerhashisproduced,securityhasnotbeenimprovedbecauseofbasicflawsinthealgorithm.Acryptographer,HansDobbertin,hasshownhowcollisionsinMD4canbefoundinunderaminuteusingjustaPC.Thisvulnerabilitytocollisionsappliesto128-bitMD4aswellas256-bitMD4.Becauseofweaknesses,peoplehavemovedawayfromMD4tomorerobusthashfunctions.
MD5MD5wasdevelopedin1991andisstructuredafterMD4butwithadditionalsecuritytoovercometheproblemsinMD4.Therefore,itisverysimilartotheMD4algorithm,onlyslightlyslowerandmoresecure.
MD5createsa128-bithashofamessageofanylength.
Recently,successfulattacksonthealgorithmhaveoccurred.Cryptanalysishasdisplayedweaknessesinthecompressionfunction.However,thisweaknessdoesnotlenditselftoanattackonMD5itself.CzechcryptographerVlastimilKlímapublishedworkshowingthatMD5collisionscanbecomputedinabouteighthoursonastandardhomePC.In
November2007,researcherspublishedresultsshowingtheabilitytohavetwoentirelydifferentWin32executableswithdifferentfunctionalitybutthesameMD5hash.Thisdiscoveryhasobviousimplicationsforthedevelopmentofmalware.ThecombinationoftheseproblemswithMD5haspushedpeopletoadoptastrongSHAversionforsecurityreasons.
TechTip
RainbowTablesRainbowtablesareprecomputedhashtablesthatenablelookingupsmalltextentriesviatheirhashvalues.Thismakeshashedpasswords“reversible”bylookingupthehashinaprecomputedhashtable.Thisworksforsmallpasswords(lessthan10characters)andisveryfast.Saltingpasswordsisoneofthedefensesagainstthesetables.
HashingSummaryHashingfunctionsareverycommon,andtheyplayanimportantroleinthewayinformation,suchaspasswords,isstoredsecurelyandthewayinwhichmessagescanbesigned.Bycomputingadigestofthemessage,lessdataneedstobesignedbythemorecomplexasymmetricencryption,andthisstillmaintainsassurancesaboutmessageintegrity.Thisistheprimarypurposeforwhichtheprotocolsweredesigned,andtheirsuccesswillallowgreatertrustinelectronicprotocolsanddigitalsignatures.ThefollowingillustrationshowsanMD5hashcalculationinLinux.
SymmetricEncryptionSymmetricencryptionistheolderandsimplermethodofencryptinginformation.Thebasisofsymmetricencryptionisthatboththesenderandthereceiverofthemessagehavepreviouslyobtainedthesamekey.Thisis,infact,thebasisforeventheoldestciphers—theSpartansneededtheexactsamesizecylinder,makingthecylinderthe“key”tothemessage,andinshiftciphersbothpartiesneedtoknowthedirectionandamountofshiftbeingperformed.Allsymmetricalgorithmsarebaseduponthissharedsecretprinciple,includingtheunbreakableone-timepadmethod.Figure5.6isasimplediagramshowingtheprocessthatasymmetric
algorithmgoesthroughtoprovideencryptionfromplaintexttociphertext.Thisciphertextmessageis,presumably,transmittedtothemessagerecipient,whogoesthroughtheprocesstodecryptthemessageusingthesamekeythatwasusedtoencryptthemessage.Figure5.6showsthekeystothealgorithm,whicharethesamevalueinthecaseofsymmetricencryption.
•Figure5.6Layoutofasymmetricalgorithm
Unlikewithhashfunctions,acryptographickeyisinvolvedinsymmetricencryption,sotheremustbeamechanismforkeymanagement(discussedearlierinthechapter).Managingthecryptographickeysiscriticallyimportantinsymmetricalgorithmsbecausethekeyunlocksthedatathatisbeingprotected.However,thekeyalsoneedstobeknownby,ortransmittedtoinaconfidentialway,thepartytowhichyouwishtocommunicate.Akeymustbemanagedatallstages,whichrequiressecuringitonthelocalcomputer,securingitontheremoteone,protectingitfromdatacorruption,protectingitfromloss,and,probablythemostimportantstep,protectingitwhileitistransmittedbetweenthetwoparties.Laterinthechapterwewilllookatpublickeycryptography,whichgreatlyeasesthekeymanagementissue,butforsymmetricalgorithmsthemostimportantlessonistostoreandsendthekeyonlybyknownsecuremeans.Someofthemorepopularsymmetricencryptionalgorithmsinusetoday
areDES,3DES,AES,andIDEA.
DESDES,theDataEncryptionStandard,wasdevelopedinresponsetotheNationalBureauofStandards(NBS),nowknownastheNationalInstituteofStandardsandTechnology(NIST),issuingarequestforproposalsforastandardcryptographicalgorithmin1973.NBSreceivedapromising
responseinanalgorithmcalledLucifer,originallydevelopedbyIBM.TheNBSandtheNSAworkedtogethertoanalyzethealgorithm’ssecurity,andeventuallyDESwasadoptedasafederalstandardin1976.DESiswhatisknownasablockcipher;itsegmentstheinputdatainto
blocksofaspecifiedsize,typicallypaddingthelastblocktomakeitamultipleoftheblocksizerequired.Thisisincontrasttoastreamcipher,whichencryptsthedatabitbybit.InthecaseofDES,theblocksizeis64bits,whichmeansDEStakesa64-bitinputandoutputs64bitsofciphertext.Thisprocessisrepeatedforall64-bitblocksinthemessage.DESusesakeylengthof56bits,andallsecurityrestswithinthekey.Thesamealgorithmandkeyareusedforbothencryptionanddecryption.Atthemostbasiclevel,DESperformsasubstitutionandthena
permutation(aformoftransposition)ontheinput,baseduponthekey.Thisactioniscalledaround,andDESperformsthis16timesonevery64-bitblock.Thealgorithmgoesstepbystep,producing64-bitblocksofciphertextforeachplaintextblock.ThisiscarriedonuntiltheentiremessagehasbeenencryptedwithDES.Asmentioned,thesamealgorithmandkeyareusedtodecryptandencryptwithDES.Theonlydifferenceisthatthesequenceofkeypermutationsisusedinreverseorder.OvertheyearsthatDEShasbeenacryptographicstandard,alotof
cryptanalysishasoccurred,andwhilethealgorithmhasheldupverywell,someproblemshavebeenencountered.Weakkeysarekeysthatarelesssecurethanthemajorityofkeysallowedinthekeyspaceofthealgorithm.InthecaseofDES,becauseofthewaytheinitialkeyismodifiedtogetthesubkey,certainkeysareweakkeys.Theweakkeysequateinbinarytohavingall1’sorall0’s,likethoseshowninFigure5.7,ortohavinghalfthekeyall1’sandtheotherhalfall0’s.
•Figure5.7WeakDESkeys
Semiweakkeys,withwhichtwokeyswillencryptplaintexttoidenticalciphertext,alsoexist,meaningthateitherkeywilldecrypttheciphertext.Thetotalnumberofpossiblyweakkeysis64,whichisverysmallrelativetothe256possiblekeysinDES.With16roundsandnotusingaweakkey,DESisreasonablysecure
and,amazingly,hasbeenformorethantwodecades.In1999,adistributedeffortconsistingofasupercomputerand100,000PCsovertheInternetwasmadetobreaka56-bitDESkey.Byattemptingmorethan240billionkeyspersecond,theeffortwasabletoretrievethekeyinlessthanaday.Thisdemonstratesanincredibleresistancetocrackinga20-year-oldalgorithm,butitalsodemonstratesthatmorestringentalgorithmsareneededtoprotectdatatoday.
3DESTripleDES(3DES)isavariantofDES.Dependingonthespecificvariant,ituseseithertwoorthreekeysinsteadofthesinglekeythatDESuses.ItalsospinsthroughtheDESalgorithmthreetimesviawhat’scalledmultipleencryption.Multipleencryptioncanbeperformedinseveraldifferentways.The
simplestmethodofmultipleencryptionisjusttostackalgorithmsontopofeachother—takingplaintext,encryptingitwithDES,thenencryptingthefirstciphertextwithadifferentkey,andthenencryptingthesecondciphertextwithathirdkey.Inreality,thistechniqueislesseffectivethanthetechniquethat3DESuses.Oneofthemodesof3DES(EDEmode)istoencryptwithonekey,thendecryptwithasecond,andthenencryptwithathird,asshowninFigure5.8.
•Figure5.8Diagramof3DES
Thisgreatlyincreasesthenumberofattemptsneededtoretrievethekeyandisasignificantenhancementofsecurity.Theadditionalsecuritycomesataprice,however.Itcantakeuptothreetimeslongertocompute3DESthantocomputeDES.However,theadvancesinmemoryandprocessing
powerintoday’selectronicsshouldmakethisproblemirrelevantinalldevicesexceptforverysmalllow-powerhandhelds.Theonlyweaknessesof3DESarethosethatalreadyexistinDES.
However,duetotheuseofdifferentkeysinthesamealgorithm,effectingalongerkeylengthbyaddingthefirstkeyspacetothesecondkeyspace,andthegreaterresistancetobrute-forcing,3DEShaslessactualweakness.While3DEScontinuestobepopularandisstillwidelysupported,AEShastakenoverasthesymmetricencryptionstandard.
AESThecurrentgoldstandardforsymmetricencryptionistheAESalgorithm.Developedinresponsetoaworldwidecallinthelate1990sforanewsymmetriccipher,agroupofDutchresearcherssubmittedamethodcalledRijndael(pronounced“raindoll”).Inthefallof2000,NISTpickedRijndaeltobethenewAES.Itwas
chosenforitsoverallsecurityaswellasitsgoodperformanceonlimited-capacitydevices.Rijndael’sdesignwasinfluencedbySquare,alsowrittenbyJoanDaemenandVincentRijmen.LikeSquare,Rijndaelisablockcipherthatseparatesdatainputinto128-bitblocks.Rijndaelcanalsobeconfiguredtouseblocksof192or256bits,butAEShasstandardizedon128-bitblocks.AEScanhavekeysizesof128,192,and256bits,withthesizeofthekeyaffectingthenumberofroundsusedinthealgorithm.LongerkeyversionsareknownasAES-192andAES-256,respectively.
TechTip
AESinDepthForamorein-depthdescriptionofAES,seetheNISTdocumenthttp://csrc.nist.gov/publications/fips/fips197/fips-197.pdf.
TheRijndael/AESalgorithmiswellthoughtoutandhasasuitablekey
lengthtoprovidesecurityformanyyearstocome.WhilenoefficientattackscurrentlyexistagainstAES,moretimeandanalysiswilltellifthisstandardcanlastaslongasDEShas.
CASTCASTisanencryptionalgorithmthatissimilartoDESinitsstructure.ItwasdesignedbyCarlisleAdamsandStaffordTavares.CASTusesa64-bitblocksizefor64-and128-bitkeyversions,anda128-bitblocksizeforthe256-bitkeyversion.LikeDES,itdividestheplaintextblockintoalefthalfandarighthalf.TherighthalfisthenputthroughfunctionfandthenisXORedwiththelefthalf.Thisvaluebecomesthenewrighthalf,andtheoriginalrighthalfbecomesthenewlefthalf.Thisisrepeatedforeightroundsfora64-bitkey,andtheleftandrightoutputisconcatenatedtoformtheciphertextblock.ThealgorithminCAST-256formwassubmittedfortheAESstandardbutwasnotchosen.CASThasundergonethoroughanalysis,withonlyminorweaknessesdiscoveredthataredependentonlownumbersofrounds.Currently,nobetterwayisknowntobreakhigh-roundCASTthanbybrute-forcingthekey,meaningthatwithsufficientkeylength,CASTshouldbeplacedwithothertrustedalgorithms.
RCRCisageneraltermforseveralciphersalldesignedbyRonRivest—RCofficiallystandsforRivestCipher.RC1,RC2,RC3,RC4,RC5,andRC6areallciphersintheseries.RC1andRC3nevermadeittorelease,butRC2,RC4,RC5,andRC6areallworkingalgorithms.
RC2RC2wasdesignedasaDESreplacement,anditisavariable-key-sizeblock-modecipher.Thekeysizecanbefrom8bitsto1024bits,withtheblocksizebeingfixedat64bits.RC2breaksuptheinputblocksintofour
16-bitwordsandthenputsthemthrough18roundsofeithermixormashoperations,outputting64bitsofciphertextfor64bitsofplaintext.AccordingtoRSA,RC2isuptothreetimesfasterthanDES.RSA
maintainedRC2asatradesecretforalongtime,withthesourcecodeeventuallybeingillegallypostedontheInternet.TheabilityofRC2toacceptdifferentkeylengthsisoneofthelargervulnerabilitiesinthealgorithm.Anykeylengthbelow64bitscanbeeasilyretrievedbymoderncomputationalpower.Additionally,thereisarelatedkeyattackthatneeds234chosenplaintextstowork.Consideringtheseweaknesses,RC2isnotrecommendedasastrongcipher.
RC5RC5isablockcipher,writtenin1994.Ithasmultiplevariableelements,numbersofrounds,keysizes,andblocksizes.Thisalgorithmisrelativelynew,butifconfiguredtorunenoughrounds,RC5seemstoprovideadequatesecurityforcurrentbrute-forcingtechnology.Rivestrecommendsusingatleast12rounds.With12roundsinthealgorithm,cryptanalysisinalinearfashionproveslesseffectivethanbrute-forceagainstRC5,anddifferentialanalysisfailsfor15ormorerounds.AneweralgorithmisRC6.
RC6RC6isbasedonthedesignofRC5.Itusesa128-bitblocksize,separatedintofourwordsof32bitseach.Itusesaroundcountof20toprovidesecurity,andithasthreepossiblekeysizes:128,192,and256bits.RC6isamodernalgorithmthatrunswellon32-bitcomputers.Withasufficientnumberofrounds,thealgorithmmakesbothlinearanddifferentialcryptanalysisinfeasible.Theavailablekeylengthsmakebrute-forceattacksextremelytime-consuming.RC6shouldprovideadequatesecurityforsometimetocome.
RC4
RC4wascreatedbeforeRC5andRC6,butitdiffersinoperation.RC4isastreamcipher,whereasallthesymmetriccipherswehavelookedatsofarhavebeenblockciphers.Astreamcipherworksbyencipheringtheplaintextinastream,usuallybitbybit.Thismakesstreamciphersfasterthanblock-modeciphers.StreamciphersaccomplishthisbyperformingabitwiseXORwiththeplaintextstreamandageneratedkeystream.RC4operatesinthismanner.Itwasdevelopedin1987andremaineda
tradesecretofRSAuntilitwaspostedtotheInternetin1994.RC4canuseakeylengthof8to2048bits,thoughthemostcommonversionsuse128-bitkeysor,ifsubjecttotheoldexportrestrictions,40-bitkeys.Thekeyisusedtoinitializea256-bytestatetable.Thistableisusedtogeneratethepseudo-randomstreamthatisXORedwiththeplaintexttogeneratetheciphertext.Alternatively,thestreamisXORedwiththeciphertexttoproducetheplaintext.Thealgorithmisfast,sometimestentimesfasterthanDES.Themost
vulnerablepointoftheencryptionisthepossibilityofweakkeys.Onekeyin256cangeneratebytescloselycorrelatedwithkeybytes.ProperimplementationsofRC4needtoincludeweakkeydetection.
RC4isthemostwidelyusedstreamcipherandisusedinpopularprotocolssuchasTransportLayerSecurity(TLS)andWEP/WPA/WPA2.
BlowfishBlowfishwasdesignedin1994byBruceSchneier.Itisablock-modecipherusing64-bitblocksandavariablekeylengthfrom32to448bits.Itwasdesignedtorunquicklyon32-bitmicroprocessorsandisoptimizedforsituationswithfewkeychanges.Encryptionisdonebyseparatingthe64-bitinputblockintotwo32-bitwords,andthenafunctionisexecutedeveryround.Blowfishhas16rounds;oncetheroundsarecompleted,the
twowordsarethenrecombinedtoformthe64-bitoutputciphertext.TheonlysuccessfulcryptanalysistodateagainstBlowfishhasbeenagainstvariantsthatusedareducednumberofrounds.Theredoesnotseemtobeaweaknessinthefull16-roundversion.
TwofishTwofishwasdevelopedbyBruceSchneier,DavidWagner,ChrisHall,NielsFerguson,JohnKelsey,andDougWhiting.TwofishwasoneofthefivefinalistsfortheAEScompetition.LikeotherAESentrants,itisablockcipher,utilizing128-bitblockswithavariable-lengthkeyofupto256bits.Ituses16roundsandsplitsthekeymaterialintotwosets,onetoperformtheactualencryptionandtheothertoloadintothealgorithm’sS-boxes.Thisalgorithmisavailableforpublicuseandhasproventobesecure.
TechTip
S-BoxesS-boxes,orsubstitutionboxes,areamethodusedtoprovideconfusion,aseparationoftherelationshipbetweenthekeybitsandtheciphertextbits.Usedinmostsymmetricschemes,theyperformaformofsubstitutionandcanprovidesignificantstrengtheningofanalgorithmagainstcertainformsofattack.Theycanbeintheformoflookuptables,eitherstaticlikeDES,ordynamic(basedonthekey)inotherformssuchasTwofish.
IDEAIDEA(InternationalDataEncryptionAlgorithm)startedoutasPES,orProposedEncryptionCipher,in1990,anditwasmodifiedtoimproveitsresistancetodifferentialcryptanalysisanditsnamewaschangedtoIDEAin1992.Itisablock-modecipherusinga64-bitblocksizeanda128-bitkey.Theinputplaintextissplitintofour16-bitsegments,A,B,C,andD.
Theprocessuseseightrounds,withafinalfour-stepprocess.Theoutputofthelastfourstepsisthenconcatenatedtoformtheciphertext.Allcurrentcryptanalysisonfull,eight-roundIDEAshowsthatthemost
efficientattackwouldbetobrute-forcethekey.The128-bitkeywouldpreventthisattackbeingaccomplished,givencurrentcomputertechnology.TheonlyknownissueisthatIDEAissusceptibletoaweakkey—likeakeythatismadeofall0’s.Thisweakkeyconditioniseasytocheckfor,andtheweaknessissimpletomitigate.
Blockvs.StreamWhenencryptionoperationsareperformedondata,therearetwoprimarymodesofoperation,blockandstream.Blockoperationsareperformedonblocksofdata,enablingbothtranspositionandsubstitutionoperations.Thisispossiblewhenlargepiecesofdataarepresentfortheoperations.StreamdatahasbecomemorecommonwithaudioandvideoacrosstheWeb.Theprimarycharacteristicofstreamdataisthatitisnotavailableinlargechunks,buteitherbitbybitorbytebybyte,piecestoosmallforblockoperations.Streamciphersoperateusingsubstitutiononlyandthereforeofferlessrobustprotectionthanblockciphers.Table5.1comparesandcontrastsblockandstreamciphers.
Table5.1 ComparisonofBlockandStreamCiphers
SymmetricEncryptionSummarySymmetricalgorithmsareimportantbecausetheyarecomparativelyfastandhavefewcomputationalrequirements.Theirmainweaknessisthattwogeographicallydistantpartiesbothneedtohaveakeythatmatchestheotherkeyexactly(seeFigure5.9).
•Figure5.9Symmetrickeysmustmatchexactlytoencryptanddecryptthemessage.
AsymmetricEncryptionAsymmetricencryptionismorecommonlyknownaspublickeycryptography.Asymmetricencryptionisinmanywayscompletelydifferentfromsymmetricencryption.Whilebothareusedtokeepdatafrombeingseenbyunauthorizedusers,asymmetriccryptographyusestwokeysinsteadofone.ItwasinventedbyWhitfieldDiffieandMartinHellmanin1975.Thesystemusesapairofkeys:aprivatekeythatiskeptsecretandapublickeythatcanbesenttoanyone.Thesystem’ssecurityreliesuponresistancetodeducingonekey,giventheother,andthusretrievingtheplaintextfromtheciphertext.Asymmetricencryptioncreatesthepossibilityofdigitalsignaturesand
alsoaddressesthemainweaknessofsymmetriccryptography.Theabilitytosendmessagessecurelywithoutsendersandreceivershavinghadpriorcontacthasbecomeoneofthebasicconcernswithsecurecommunication.Digitalsignatureswillenablefasterandmoreefficientexchangeofallkindsofdocuments,includinglegaldocuments.Withstrongalgorithmsandgoodkeylengths,securitycanbeassured.Asymmetricencryptioninvolvestwoseparatebutmathematically
relatedkeys.Thekeysareusedinanopposingfashion.Onekeyundoestheactionsoftheotherandviceversa.So,asshowninFigure5.10,ifyouencryptamessagewithonekey,theotherkeyisusedtodecryptthemessage.Inthetopexample,AlicewishestosendaprivatemessagetoBob,sosheusesBob’spublickeytoencryptthemessage.Then,sinceonlyBob’sprivatekeycandecryptthemessage,onlyBobcanreadit.Inthelowerexample,Bobwishestosendamessage,withproofthatitisfromhim.Byencryptingitwithhisprivatekey,anyonewhodecryptsitwithhispublickeyknowsthemessagecamefromBob.
•Figure5.10Usinganasymmetricalgorithm
Publickeycryptographyalwaysinvolvestwokeys,apublickeyandaprivatekey,whichtogetherareknownasakeypair.Thepublickeyismadewidelyavailabletoanyonewhomayneedit,whiletheprivatekeyiscloselysafeguardedandsharedwithnoone.
Asymmetrickeysaredistributedusingcertificates.Adigitalcertificatecontainsinformationabouttheassociationofthepublickeytoanentity,andadditionalinformationthatcanbeusedtoverifythecurrentvalidityofthecertificateandthekey.Whenkeysareexchangedbetweenmachines,suchasduringanSSL/TLShandshake,theexchangeisdonebypassingcertificates.
Asymmetricmethodsaresignificantlyslowerthansymmetricmethodsandthusaretypicallynotsuitableforbulkencryption.
Publickeysystemstypicallyworkbyusinghardmathproblems.Oneofthemorecommonmethodsreliesonthedifficultyoffactoringlargenumbers.Thesefunctionsareoftencalledtrapdoorfunctions,astheyaredifficulttoprocesswithoutthekeybuteasytoprocesswhenyouhavethekey—thetrapdoorthroughthefunction.Forexample,givenaprimenumber,say293,andanotherprime,suchas307,itisaneasyfunctiontomultiplythemtogethertoget89,951.Given89,951,itisnotsimpletofindthefactors293and307unlessyouknowoneofthemalready.Computerscaneasilymultiplyverylargeprimeswithhundredsorthousandsofdigitsbutcannoteasilyfactortheproduct.Thestrengthofthesefunctionsisveryimportant:Becauseanattackeris
likelytohaveaccesstothepublickey,hecanruntestsofknownplaintextandproduceciphertext.Thisallowsinstantcheckingofguessesthataremadeaboutthekeysofthealgorithm.Publickeysystems,becauseoftheirdesign,alsoformthebasisfordigitalsignatures,acryptographicmethodforsecurelyidentifyingpeople.RSA,Diffie-Hellman,ellipticcurvecryptography(ECC),andElGamalareallpopularasymmetricprotocols.Wewilllookatallofthemandtheirsuitabilityfordifferentfunctions.
CrossCheckDigitalCertificatesInChapter6youwilllearnmoreaboutdigitalcertificatesandhowencryptionisimportanttoapublickeyinfrastructure.Whyisanasymmetricalgorithmsoimportanttodigitalsignatures?
Diffie-Hellman
Diffie-Hellman(DH)wascreatedin1976byWhitfieldDiffieandMartinHellman.Thisprotocolisoneofthemostcommonencryptionprotocolsinusetoday.ItplaysaroleintheelectronickeyexchangemethodoftheSecureSocketsLayer(SSL)protocol.ItisalsousedbytheTransportLayerSecurity(TLS),SecureShell(SSH),andIPSecurity(IPsec)protocols.Diffie-Hellmanisimportantbecauseitenablesthesharingofasecretkeybetweentwopeoplewhohavenotcontactedeachotherbefore.Theprotocol,likeRSA,useslargeprimenumberstowork.Twousers
agreetotwonumbers,PandG,withPbeingasufficientlylargeprimenumberandGbeingthegenerator.Bothuserspickasecretnumber,aandb.Thenbothuserscomputetheirpublicnumber:
User1X=GamodP,withXbeingthepublicnumberUser2Y=GbmodP,withYbeingthepublicnumber
Theusersthenexchangepublicnumbers.User1knowsP,G,a,X,andY.
User1ComputesKa=YamodPUser2ComputesKb=XbmodP
WithKa=Kb=K,nowbothusersknowthenewsharedsecretK.Thisisthebasicalgorithm,andalthoughmethodshavebeencreatedto
strengthenit,Diffie-Hellmanisstillinwideuse.Itremainsveryeffectivebecauseofthenatureofwhatitisprotecting—atemporary,automaticallygeneratedsecretkeythatisgoodonlyforasinglecommunicationsession.VariationsofDiffie-HellmanincludeEphemeralDiffie-Hellman(EDH),
EllipticCurveDiffie-Hellman(ECDH),andEllipticCurveDiffie-HellmanEphemeral(ECDHE).Thesearediscussedindetaillaterinthechapter.
Diffie-Hellmanisthegoldstandardforkeyexchange,andfortheCompTIASecurity+exam,youshouldunderstandthesubtledifferencesbetweenthedifferentforms,DH,EDH,ECDH,andECDHE.
RSARSAisoneofthefirstpublickeycryptosystemseverinvented.Itcanbeusedforbothencryptionanddigitalsignatures.RSAisnamedafteritsinventors,RonRivest,AdiShamir,andLeonardAdleman,andwasfirstpublishedin1977.Thisalgorithmusestheproductoftwoverylargeprimenumbersand
worksontheprincipleofdifficultyinfactoringsuchlargenumbers.It’sbesttochooselargeprimenumbersthatarefrom100to200digitsinlengthandareequalinlength.ThesetwoprimeswillbePandQ.Randomlychooseanencryptionkey,E,sothatEisgreaterthan1,EislessthanP*Q,andEmustbeodd.Emustalsoberelativelyprimeto(P–1)and(Q–1).ThencomputethedecryptionkeyD:
D=E–1mod((P–1)(Q–1))Nowthattheencryptionkeyanddecryptionkeyhavebeengenerated,
thetwoprimenumberscanbediscarded,buttheyshouldnotberevealed.Toencryptamessage,itshouldbedividedintoblockslessthanthe
productofPandQ.Then,
Ci=MiEmod(P*Q)
Cistheoutputblockofciphertextmatchingtheblocklengthoftheinputmessage,M.Todecryptamessage,takeciphertext,C,andusethisfunction:
Mi=CiDmod(P*Q)
Theuseofthesecondkeyretrievestheplaintextofthemessage.Thisisasimplefunction,butitssecurityhaswithstoodthetestofmore
than20yearsofanalysis.ConsideringtheeffectivenessofRSA’ssecurityandtheabilitytohavetwokeys,whyaresymmetricencryptionalgorithmsneededatall?Theanswerisspeed.RSAinsoftwarecanbe100timesslowerthanDES,andinhardwareitcanbeevenslower.RSAcanbeusedtoperformbothregularencryptionanddigital
signatures.Digitalsignaturestrytoduplicatethefunctionalityofaphysicalsignatureonadocumentusingencryption.Typically,RSAandtheotherpublickeysystemsareusedinconjunctionwithsymmetrickeycryptography.Publickey,theslowerprotocol,isusedtoexchangethesymmetrickey(orsharedsecret),andthenthecommunicationusesthefastersymmetrickeyprotocol.Thisprocessisknownaselectronickeyexchange.SincethesecurityofRSAisbaseduponthesupposeddifficultyof
factoringlargenumbers,themainweaknessesareintheimplementationsoftheprotocol.Untilrecently,RSAwasapatentedalgorithm,butitwasadefactostandardformanyyears.
ElGamalElGamalcanbeusedforbothencryptionanddigitalsignatures.TaherElGamaldesignedthesystemintheearly1980s.Thissystemwasneverpatentedandisfreeforuse.ItisusedastheU.S.governmentstandardfordigitalsignatures.Thesystemisbaseduponthedifficultyofcalculatingdiscrete
logarithmsinafinitefield.Threenumbersareneededtogenerateakeypair.User1choosesaprime,P,andtworandomnumbers,FandD.FandDshouldbothbelessthanP.Thenuser1cancalculatethepublickeyA:
A=DFmodPThenA,D,andParesharedwiththeseconduser,withFbeingtheprivatekey.Toencryptamessage,M,arandomkey,k,ischosenthatisrelativelyprimetoP–1.Then,
C1=DkmodP
C2=AkMmodP
C1andC2makeuptheciphertext.Decryptionisdoneby
M=C2/C1FmodP
ElGamalusesadifferentfunctionfordigitalsignatures.Tosignamessage,M,onceagainchoosearandomvaluekthatisrelativelyprimetoP–1.Then,
C1=DkmodP
C2=(M–C1*F)/k(modP–1)
C1concatenatedtoC2isthedigitalsignature.ElGamalisaneffectivealgorithmandhasbeeninuseforsometime.It
isusedprimarilyfordigitalsignatures.Likeallasymmetriccryptography,itisslowerthansymmetriccryptography.
ECCEllipticcurvecryptography(ECC)worksonthebasisofellipticcurves.AnellipticcurveisasimplefunctionthatisdrawnasagentlyloopingcurveontheX,Yplane.Ellipticcurvesaredefinedbythisequation:
y2=x3+ax2+bEllipticcurvesworkbecausetheyhaveaspecialproperty—youcanaddtwopointsonthecurvetogetherandgetathirdpointonthecurve,asshownintheillustration.
Forcryptography,theellipticcurveworksasapublickeyalgorithm.Usersagreeonanellipticcurveandafixedcurvepoint.Thisinformationisnotasharedsecret,andthesepointscanbemadepublicwithoutcompromisingthesecurityofthesystem.User1thenchoosesasecretrandomnumber,K1,andcomputesapublickeybaseduponapointonthecurve:
P1=K1*F
User2performsthesamefunctionandgeneratesP2.Nowuser1cansenduser2amessagebygeneratingasharedsecret:
S=K1*P2User2cangeneratethesamesharedsecretindependently:
S=K2*P1Thisistruebecause
K1*P2=K1*(K2*F)=(K1*K2)*F=K2*(K1*F)=K2*P1Thesecurityofellipticcurvesystemshasbeenquestioned,mostly
becauseoflackofanalysis.However,allpublickeysystemsrelyonthedifficultyofcertainmathproblems.Itwouldtakeabreakthroughinmathforanyofthementionedsystemstobeweakeneddramatically,butresearchhasbeendoneabouttheproblemsandhasshownthattheellipticcurveproblemhasbeenmoreresistanttoincrementaladvances.Again,aswithallcryptographyalgorithms,onlytimewilltellhowsecuretheyreallyare.ThebigbenefittoECCsystemsisthattheyrequirelesscomputingpowerforagivenbitstrength.ThismakesECCidealforuseinlow-powermobiledevices.Thesurgeinmobileconnectivityhasledtosecurevoice,e-mail,andtextapplicationsthatuseECCandAESalgorithmstoprotectauser’sdata.EllipticcurvefunctionscanbeusedaspartofaDiffie-Hellmankey
exchange,andwhenused,themethodisreferredtoasEllipticCurveDIffie-Hellman(ECDH).ThistechniquecanprovidetheadvantagesofellipticcurveandthefunctionalityofDiffie-Hellman.
AsymmetricEncryptionSummaryAsymmetricencryptioncreatesthepossibilityofdigitalsignaturesandalsocorrectsthemainweaknessofsymmetriccryptography.Theabilitytosendmessagessecurelywithoutsendersandreceivershavinghadpriorcontacthasbecomeoneofthebasicconcernswithsecurecommunication.Digitalsignatureswillenablefasterandmoreefficientexchangeofallkindsofdocuments,includinglegaldocuments.Withstrongalgorithms
andgoodkeylengths,securitycanbeassured.
Symmetricvs.AsymmetricBothsymmetricandasymmetricencryptionmethodshaveadvantagesanddisadvantages.Symmetricencryptiontendstobefaster,islesscomputationallyinvolved,andisbetterforbulktransfers.Butitsuffersfromakeymanagementprobleminthatkeysmustbeprotectedfromunauthorizedparties.Asymmetricmethodsresolvethekeysecrecyissuewithpublickeys,butaddsignificantcomputationalcomplexitythatmakesthemlesssuitedforbulkencryption.Bulkencryptioncanbedoneusingthebestofbothsystems,byusing
asymmetricencryptiontopassasymmetrickey.Byaddinginephemeralkeyexchange,youcanachieveperfectforwardsecrecy,discussedlaterinthechapter.Digitalsignatures,ahighlyusefultool,arenotpracticalwithoutasymmetricmethods.
QuantumCryptographyCryptographyistraditionallyaveryconservativebranchofinformationtechnology.Itreliesonproventechnologiesanddoesitsbesttoresistchange.Abignewtopicinrecentyearshasbeenquantumcryptography.Quantumcryptographyisbasedonquantummechanics,principallysuperpositionandentanglement.Adiscussionofquantummechanicsisbeyondthescopeofthistext,buttheprinciplewearemostconcernedwithinregardtocryptographyisthatinquantummechanics,themeasuringofdatadisturbsthedata.Whatthismeanstocryptographersisthatitiseasytotellifamessagehasbeeneavesdroppedonintransit,allowingpeopletoexchangekeydatawhileknowingthatthedatawasnotinterceptedintransit.Thisuseofquantumcryptographyiscalledquantumkeydistribution.Thisiscurrentlytheonlycommercialuseofquantumcryptography,andalthoughthereareseveralmethodsforsendingthekey,theyalladheretothesameprinciple.Keybitsaresentandthencheckedat
theremoteendforinterception,andthenmorekeybitsaresentusingthesameprocess.Onceanentirekeyhasbeensentsecurely,symmetricencryptioncanthenbeused.Theotherfieldofresearchinvolvingquantummechanicsand
cryptographyisquantumcryptanalysis.Aquantumcomputeriscapableoffactoringlargeprimesexponentiallyfasterthananormalcomputer,potentiallymakingtheRSAalgorithm,andanysystembaseduponfactoringprimenumbers,insecure.Thishasledtoresearchincryptosystemsthatarenotvulnerabletoquantumcomputations,afieldknownaspost-quantumcryptography.
SteganographySteganography,anoffshootofcryptographytechnology,getsitsmeaningfromtheGreekwordsteganos,meaningcovered.Invisibleinkplacedonadocumenthiddenbyinnocuoustextisanexampleofasteganographicmessage.Anotherexampleisatattooplacedonthetopofaperson’shead,visibleonlywhentheperson’shairisshavedoff.Hiddenwritinginthecomputeragereliesonaprogramtohidedata
insideotherdata.Themostcommonapplicationistheconcealingofatextmessageinapicturefile.TheInternetcontainsmultiplebillionsofimagefiles,allowingahiddenmessagetobelocatedalmostanywherewithoutbeingdiscovered.Becausenotalldetectionprogramscandetecteverykindofsteganography,tryingtofindthemessageinanInternetimageisakintoattemptingtofindaneedleinahaystackthesizeofthePacificOcean;evenaGooglesearchforsteganographyreturnsthousandsofimages.
Thenatureoftheimagefilesalsomakesahiddenmessagedifficulttodetect.Whileitismostcommontohidemessagesinsideimages,theycanalsobehiddeninvideoandaudiofiles.Theadvantagetosteganographyovertheuseofencryptionaloneisthat
themessagesdonotattractattention,andthisdifficultyindetectingthe
hiddenmessageprovidesanadditionalbarriertoanalysis.Thedatathatishiddeninasteganographicmessageisfrequentlyalsoencrypted,sothatifitisdiscovered,themessagewillremainsecure.Steganographyhasmanyusesbutthemostpublicizedusesaretohideillegalmaterial,oftenpornography,orallegedlyforcovertcommunicationbyterroristnetworks.Steganographicencodingcanbeusedinmanywaysandthroughmany
differentmedia.Coveringthemallisbeyondthescopeforthisbook,butwewilldiscussoneofthemostcommonwaystoencodeintoanimagefile,LSBencoding.LSB,LeastSignificantBit,isamethodofencodinginformationintoanimagewhilealteringtheactualvisualimageaslittleaspossible.Acomputerimageismadeupofthousandsormillionsofpixels,alldefinedby1’sand0’s.IfanimageiscomposedofRedGreenBlue(RGB)values,eachpixelhasanRGBvaluerepresentednumericallyfrom0to255.Forexample,0,0,0isblack,and255,255,255iswhite,whichcanalsoberepresentedas00000000,00000000,00000000forblackand11111111,11111111,11111111forwhite.Givenawhitepixel,editingtheleastsignificantbitofthepixelto11111110,11111110,11111110changesthecolor.Thechangeincolorisundetectabletothehumaneye,butinanimagewithamillionpixels,thiscreatesa125KBareainwhichtostoreamessage.SomepopularsteganographydetectiontoolsincludeStegdetect,
StegSecret,StegSpy,andthefamilyofSARCtools.Allofthesetoolsusedetectiontechniquesbaseduponthesameprinciple,patterndetection.Bylookingforknownsteganographicencodingschemesorartifacts,theycanpotentiallydetectembeddeddata.Additionally,steganographyinsertiontoolscanbeusedtoattempttodecodeimageswithsuspectedhiddenmessages.InvisibleInkisasmallprogramforsteganographicinsertionofmessagesandthentheextractionofthosemessages,asillustratedhere.
CryptographyAlgorithmUse
Theuseofcryptographicalgorithmsgrowseveryday.Moreandmoreinformationbecomesdigitallyencodedandplacedonline,andallofthisdataneedstobesecured.Thebestwaytodothatwithcurrenttechnologyistouseencryption.Thissectionconsiderssomeofthetaskscryptographicalgorithmsaccomplishandthoseforwhichtheyarebestsuited.Securityistypicallydefinedasaproductoffivecomponents:confidentiality,integrity,availability,authentication,andnonrepudiation.Encryptionaddressesallofthesecomponentsexceptavailability.Keyescrowwillbeoneofthemostimportanttopicsasinformationbecomesuniversallyencrypted;otherwise,everyonemaybeleftwithuselessdata.Digitalrightsmanagementandintellectualpropertyprotectionarealsoplaceswhereencryptionalgorithmsareheavilyused.Digitalsignaturescombineseveralalgorithmstoprovidereliableidentificationinadigitalform.
ConfidentialityConfidentialitytypicallycomestomindwhenthetermsecurityisbroughtup.Confidentialityistheabilitytokeepsomepieceofdataasecret.Inthedigitalworld,encryptionexcelsatprovidingconfidentiality.Inmostcases,symmetricencryptionisfavoredbecauseofitsspeedandbecausesomeasymmetricalgorithmscansignificantlyincreasethesizeoftheobjectbeingencrypted.Asymmetriccryptographyalsocanbeusedtoprotectconfidentiality,butitssizeandspeedmakeitmoreefficientatprotectingtheconfidentialityofsmallunitsfortaskssuchaselectronickeyexchange.Inallcases,thestrengthofthealgorithmsandthelengthofthekeysensurethesecrecyofthedatainquestion.
IntegrityIntegrity,betterknownasmessageintegrity,isacrucialcomponentofmessagesecurity.Whenamessageissent,boththesenderandrecipientneedtoknowthatthemessagewasnotalteredintransmission.Thisis
especiallyimportantforlegalcontracts—recipientsneedtoknowthatthecontractshavenotbeenaltered.Signersalsoneedawaytovalidatethatacontracttheysignwillnotbealteredinthefuture.
Messageintegritywillbecomeincreasinglyimportantasmorecommerceisconducteddigitally.Theabilitytoindependentlymakesurethatadocumenthasnotbeentamperedwithisveryimportanttocommerce.Moreimportantly,oncethedocumentis“signed”withadigitalsignature,itcannotberefutedthatthepersoninquestionsignedit.
Integrityisprovidedviaone-wayhashfunctionsanddigitalsignatures.Thehashfunctionscomputethemessagedigests,andthisguaranteestheintegrityofthemessagebyallowingeasytestingtodeterminewhetheranypartofthemessagehasbeenchanged.Themessagenowhasacomputedfunction(thehashvalue)totelltheuserstoresendthemessageifitwasinterceptedandinterferedwith.Thishashvalueiscombinedwithasymmetriccryptographybytakingthemessage’shashvalueandencryptingitwiththeuser’sprivatekey.Thisletsanyonewiththeuser’spublickeydecryptthehashandcompareittothelocallycomputedhash,notonlyensuringtheintegrityofthemessagebutpositivelyidentifyingthesender.
AuthenticationAuthenticationisthematchingofausertoanaccountthroughpreviouslysharedcredentials.Thisinformationmustbeprotectedandacombinationofcryptographicmethodsarecommonlyemployed.Fromhashingtokeystretchingtoencryptionanddigitalsignatures,multipletechniquesareusedaspartoftheoperationsinvolvedinauthentication.
TryThis!
DocumentIntegrityDownloadahashcalculatorthatworksonyouroperatingsystem,suchasSlavaSoftHashCalc,availableatwww.slavasoft.com/hashcalc/index.htm.Thencreateasimpledocumentfilewithanytextthatyouprefer.Saveit,andthenusethehashingprogramtogeneratethehashandsavethehashvalue.Noweditthefile,evenbysimplyinsertingasingleblankspace,andresaveit.Recalculatethehashandcompare.
NonrepudiationAnitemofsomeconfusion,theconceptofnonrepudiationisactuallyfairlysimple.Nonrepudiationmeansthatthemessagesendercannotlaterdenythattheysentthemessage.Thisisimportantinelectronicexchangesofdata,becauseofthelackofface-to-facemeetings.Nonrepudiationisbaseduponpublickeycryptographyandtheprincipleofonlyyouknowingyourprivatekey.Thepresenceofamessagesignedbyyou,usingyourprivatekey,whichnobodyelseshouldknow,isanexampleofnonrepudiation.Whenathirdpartycancheckyoursignatureusingyourpublickey,thatdisprovesanyclaimthatyouwerenottheonewhoactuallysentthemessage.Nonrepudiationistiedtoasymmetriccryptographyandcannotbeimplementedwithsymmetricalgorithms.
TechTip
HOTPAnHMAC-basedOne-TimePassword(HOTP)algorithmisakeycomponentoftheOpenAuthenticationInitiative(OATH).YubiKeyisahardwareimplementationofHOTPthathassignificantuse.
CipherSuitesInmanyapplications,theuseofcryptographyoccursasacollectionoffunctions.Differentalgorithmscanbeusedforauthentication,
encryption/decryption,digitalsignatures,andhashing.Thetermciphersuitereferstoanarrangedgroupofalgorithms.Forinstance,TLShasapublishedTLSCipherSuiteRegistryatwww.iana.org/assignments/tls-parameters/tls-parameters.xhtml.
Strongvs.WeakCiphersThereisawiderangeofciphers,someoldandsomenew,eachwithitsownstrengthsandweaknesses.Overtime,newmethodsandcomputationalabilitieschangetheviabilityofciphers.Theconceptofstrongversusweakciphersisanacknowledgmentthat,overtime,cipherscanbecomevulnerabletoattacks.Theapplicationorselectionofciphersshouldtakeintoconsiderationthatnotallciphersarestillstrong.Whenselectingacipherforuse,itisimportanttomakeanappropriatechoice.
KeyExchangeCryptographicmechanismsusebothanalgorithmandakey,withthekeyrequiringcommunicationbetweenparties.Insymmetricencryption,thesecrecydependsuponthesecrecyofthekey,soinsecuretransportofthekeycanleadtofailuretoprotecttheinformationencryptedusingthekey.Keyexchangeisthecentralfoundationalelementofasecuresymmetricencryptionsystem.Maintainingthesecrecyofthesymmetrickeyisthebasisofsecretcommunications.Inasymmetricsystems,thekeyexchangeproblemisoneofkeypublication.Becausepublickeysaredesignedtobeshared,theproblemisreversedfromoneofsecrecytooneofpublicity.Earlykeyexchangeswereperformedbytrustedcouriers.Peoplecarried
thekeysfromsenderstoreceivers.Onecouldconsiderthisformofkeyexchangetobetheultimateinout-of-bandcommunication.Withtheadventofdigitalmethodsandsomemathematicalalgorithms,itispossibletopasskeysinasecurefashion.Thiscanoccurevenwhenallpacketsaresubjecttointerception.TheDiffie-Hellmankeyexchangeisoneexampleofthistypeofsecurekeyexchange.TheDiffie-Hellmankeyexchangedependsupontworandomnumbers,eachchosenbyoneoftheparties,and
keptsecret.Diffie-Hellmankeyexchangescanbeperformedin-band,andevenunderexternalobservation,asthesecretrandomnumbersareneverexposedtooutsideparties.
KeyEscrowTheimpressivegrowthoftheuseofencryptiontechnologyhasledtonewmethodsforhandlingkeys.Encryptionisadeptathidingallkindsofinformation,andwithprivacyandidentityprotectionbecomingmoreofaconcern,moreinformationisencrypted.Thelossofakeycanhappenforamultitudeofreasons:itmightsimplybelost,thekeyholdermightbeincapacitatedordead,softwareorhardwaremightfail,andsoon.Inmanycases,thatinformationislockedupuntilthecryptographycanbebroken,and,asyouhaveread,thatcouldbemillennia.Thishasraisedthetopicofkeyescrow,orkeepingacopyoftheencryptionkeywithatrustedthirdparty.Theoretically,thisthirdpartywouldonlyreleaseyourkeytoyouoryourofficialdesignateontheeventofyourbeingunabletogetthekeyyourself.However,justastheoldsayingfromBenjaminFranklingoes,“Threemaykeepasecretiftwoofthemaredead.”Anytimemorethanonecopyofthekeyexists,thesecurityofthesystemisbroken.Theextentoftheinsecurityofkeyescrowisasubjectopentodebate,andwillbehotlycontestedintheyearstocome.
TechTip
KeyEscrowHasBenefitsandHazardsKeyescrowcansolvemanyoftheproblemsthatresultwhenakeyislostorbecomesinaccessible,allowingaccesstodatathatotherwisewouldbeimpossibletoaccesswithoutkeyescrow,butitcanopenupprivateinformationtounauthorizedaccess.
Additionally,withcomputertechnologybeingminiaturizedintosmartphonesandotherrelativelyinexpensivedevices,criminalsandother
ill-willedpeoplehavebegunusingcryptographytoconcealcommunicationsandbusinessdealingsfromlawenforcementagencies.Becauselawenforcementagencieshavenotbeenabletobreaktheencryptioninmanycases,governmentagencieshavebegunaskingformandatorykeyescrowlegislation.Inthissense,keyescrowisasystembywhichyourprivatekeyiskeptbothbyyouandbythegovernment.Thisallowspeoplewithacourtordertoretrieveyourprivatekeytogainaccesstoanythingencryptedwithyourpublickey.Thedataisessentiallyencryptedbyyourkeyandthegovernmentkey,givingthegovernmentaccesstoyourplaintextdata.Thisprocessissimilartoasearchwarrantofyourhome,butisusedagainstyourcomputerdata.Whetherornotthisishowthingsshouldbeisalsoopentodebate,butitdoesraisetheinterestingpossibilityofencryptionsoftwarethatisincompatiblewithgovernmentkeyescrowbeingbanned.Thelastmajordiscussionforkeyescrowlegislationwasseveralyearsago,buttheprospectremainsouttherewaitingforahighprofilecasetobringencryptionintothespotlight.In2015,manyUSFederalofficialsagaincalledforformsofkeyescrowandbackdoorsinthenameofanti-terrorismandlawenforcement.Theresultofthisnewroundofargumentwilltakeyearstodecidethecorrectbalance.Keyescrowcannegativelyimpactthesecurityprovidedbyencryption,
becausethegovernmentrequiresahuge,complexinfrastructureofsystemstoholdeveryescrowedkey,andthesecurityofthosesystemsislessefficientthanthesecurityofyourmemorizingthekey.However,therearetwosidestothekeyescrowcoin.Withoutapracticalwaytorecoverakeyiforwhenitislostorthekeyholderdies,forexample,someimportantinformationwillbelostforever.Suchissueswillaffectthedesignandsecurityofencryptiontechnologiesfortheforeseeablefuture.
SessionKeysAsessionkeyisasymmetrickeyusedforencryptingmessagesduringacommunicationsession.Itisgeneratedfromrandomseedsandisusedfor
thedurationofacommunicationsession.Whencorrectlygeneratedandpropagatedduringsessionsetup,asessionkeyprovidessignificantlevelsofprotectionduringthecommunicationsessionandalsocanaffordperfectforwardsecrecy(describedlaterinthechapter).Sessionkeysoffertheadvantagesofsymmetricencryption,speed,strength,simplicity,and,withkeyexchangespossibleviadigitalmethods,significantlevelsofautomatedsecurity.
EphemeralKeysEphemeralkeysarecryptographickeysthatareusedonlyonceaftertheyaregenerated.WhenanephemeralkeyisusedaspartoftheDiffie-Hellmanscheme,itformsanEphemeralDiffie-Hellman(EDH)keyexchange.AnEDHmechanismgeneratesatemporarykeyforeachconnection,neverusingthesamekeytwice.Thisprovidesforperfectforwardsecrecy.IftheDiffie-Hellmaninvolvestheuseofellipticcurves,itiscalledEllipticCurveDiffie-HellmanEphemeral(ECDHE).
KeyStretchingKeystretchingisamechanismthattakeswhatwouldbeweakkeysand“stretches”themtomakethesystemmoresecureagainstbrute-forceattacks.Atypicalmethodologyusedforkeystretchinginvolvesincreasingthecomputationalcomplexitybyaddingiterativeroundsofcomputations.Toextendapasswordtoalongerlengthofkey,youcanrunitthroughmultipleroundsofvariable-lengthhashing,eachincreasingtheoutputbybitsovertime.Thismaytakehundredsorthousandsofrounds,butforsingle-usecomputations,thetimeisnotsignificant.Whenonewantstouseabrute-forceattack,theincreaseincomputationalworkloadbecomessignificantwhendonebillionsoftimes,makingthisformofattackmuchmoreexpensive.Thecommonformsofkeystretchingemployedinusetodayinclude
Password-BasedKeyDerivationFunction2andBcrypt.
PBKDF2Password-BasedKeyDerivationFunction2(PBKDF2)isakeyderivationfunctiondesignedtoproduceakeyderivedfromapassword.ThisfunctionusesapasswordorpassphraseandasaltandappliesanHMACtotheinputthousandsoftimes.Therepetitionmakesbrute-forceattackscomputationallyunfeasible.
BcryptBcryptisakey-stretchingmechanismthatusestheBlowfishcipherandsalting,andaddsanadaptivefunctiontoincreasethenumberofiterations.Theresultisthesameasotherkey-stretchingmechanisms(singleuseiscomputationallyfeasible),butwhenattemptingtobrute-forcethefunction,thebillionsofattemptsmakeitcomputationallyunfeasible.
SecrecyPrinciplesThereareseveralconditionsandprinciplesassociatedwithsecrecy.Twoofthese,confusionanddiffusion,arisefromClaudeShannon’sseminalworkincommunicationtheory.Theconceptofentropy,presentedearlier,isfromthesamesource.Whilethesearetheoretical-centricideas,thereareimplementationprinciplesaswell.Perfectforwardsecrecyisoneoftheseasitappliestofuturemessagesecrecy.
ConfusionConfusionisaprincipletoaffecttherandomnessofanoutput.Theconceptisoperationalizedbyensuringthateachcharacterofciphertextdependsonseveralpartsofthekey.Confusionplacesaconstraintontherelationshipbetweentheciphertextandthekeyemployed,forcinganeffectthatincreasesentropy.
DiffusionDiffusionisaprinciplethatthestatisticalanalysisofplaintextand
ciphertextresultsinaformofdispersionrenderingonestructurallyindependentoftheother.Inplainterms,achangeinonecharacterofplaintextshouldresultinmultiplechangesintheciphertextinamannerthatchangesinciphertextdonotrevealinformationastothestructureoftheplaintext.
PerfectForwardSecrecyPerfectforwardsecrecyisapropertyofapublickeysysteminwhichakeyderivedfromanotherkeyisnotcompromisedeveniftheoriginatingkeyiscompromisedinthefuture.Thisisespeciallyimportantinsessionkeygeneration,wherethecompromiseoffuturecommunicationsessionsmaybecomecompromised;ifperfectforwardsecrecywerenotinplace,thenpastmessagesthathadbeenrecordedcouldbedecrypted.
TransportEncryptionTransportencryptionisusedtoprotectdatathatisinmotion.Whendataisbeingtransportedacrossanetwork,itisatriskofinterception.AnexaminationoftheOSInetworkingmodelshowsalayerdedicatedtotransport,andthisabstractioncanbeusedtomanageend-to-endcryptographicfunctionsforacommunicationchannel.WhenutilizingtheTCP/IPprotocol,TLSisthepreferredmethodofmanagingthesecurityatthetransportlevel.
DigitalSignaturesDigitalsignatureshavebeentoutedasthekeytotrulypaperlessdocumentflow,andtheydohavepromiseforimprovingthesystem.Digitalsignaturesarebasedonbothhashingfunctionsandasymmetriccryptography.Bothencryptionmethodsplayanimportantroleinsigningdigitaldocuments.Unprotecteddigitaldocumentsareveryeasyforanyonetochange.Ifadocumentiseditedafteranindividualsignsit,itisimportantthatanymodificationcanbedetected.Toprotectagainst
documentediting,hashingfunctionsareusedtocreateadigestofthemessagethatisuniqueandeasilyreproduciblebybothparties.Thisensuresthatthemessageintegrityiscomplete.
Digitalsignaturesprovideameansofverifyingauthenticityandintegrityofamessage:youknowbothwhothesenderisandthatthemessagehasnotbeenaltered.Byitself,adigitalsignaturedoesnotprotectthecontentsfromunauthorizedreading.
Adigitalsignatureisacryptographicimplementationdesignedtodemonstrateauthenticityandidentityassociatedwithamessage.Usingpublickeycryptography,adigitalsignatureallowstraceabilitytothepersonsigningthemessagethroughtheuseoftheirprivatekey.Theadditionofhashcodesallowsfortheassuranceofintegrityofthemessageaswell.Theoperationofadigitalsignatureisacombinationofcryptographicelementstoachieveadesiredoutcome.ThestepsinvolvedindigitalsignaturegenerationanduseareillustratedinFigure5.11.Themessagetobesignedishashed,andthehashisencryptedusingthesender’sprivatekey.Uponreceipt,therecipientcandecryptthehashusingthesender’spublickey.Ifasubsequenthashingofthemessagerevealsanidenticalvalue,twothingsareknown:First,themessagehasnotbeenaltered.Second,thesenderpossessedtheprivatekeyofthenamedsender,soispresumablythesenderhim-orherself.
•Figure5.11Digitalsignatureoperation
Adigitalsignaturedoesnotbyitselfprotectthecontentsofthemessagefrominterception.Themessageisstillsentintheclear,soifconfidentialityofthemessageisarequirement,additionalstepsmustbetakentosecurethemessagefromeavesdropping.Thiscanbedonebyencryptingthemessageitself,orbyencryptingthechanneloverwhichitistransmitted.
DigitalRightsManagementDigitalrightsmanagement(DRM)istheprocessforprotectingintellectualpropertyfromunauthorizeduse.Thisisabroadarea,butthemostconcentratedfocusisonpreventingpiracyofsoftwareordigitalcontent.Beforeeasyaccesstocomputers,orthe“digitalrevolution,”thecontentwecameincontactwithwasanalogorprintbased.Whileitwaspossibletocopythiscontent,itwasdifficultandtime-consumingtodoso,andusuallyresultedinalossofquality.Itwasalsomuchmoredifficulttosend1000pagesofahandwrittencopyofabooktoEurope,forexample.ComputersandtheInternethavemadesuchtaskstrivial,andnowitisveryeasytocopyadocument,music,orvideoandquicklysenditthousandsofmilesaway.Cryptographyhasenteredthefrayasasolutiontoprotectdigitalrights,
thoughitiscurrentlybetterknownforitsfailuresthanitssuccesses.TheDVDContentScrambleSystem(CSS)wasanattempttomakeDVDsimpossibletocopybycomputer.CSSusedanencryptionalgorithmthatwaslicensedtoeveryDVDplayer;however,creativeprogrammerswereabletoretrievethekeytothisalgorithmbydisassemblingasoftware-basedDVDplayer.CSShasbeenreplacedbytheAdvancedAccessContentSystem(AACS),whichisusedonthenext-generationBlu-raydiscs.ThissystemencryptsvideocontentviathesymmetricAESalgorithmwithoneormorekeys.Severaldecryptionkeyshavebeen
crackedandreleasedtotheInternet,allowingpiratestofreelycopytheprotectedcontent.ThemusicandcomputergameindustrieshavealsoattemptedseveraldifferentDRMapplications,butnearlyallofthesehaveeventuallybeencracked,allowingpiracy.AcommonexampleofDRMthatismostlysuccessfulisthebroadcast
streamofdigitalsatelliteTV.SincethesignalisbeamedfromspacetoeveryhomeinNorthAmerica,thesatelliteTVprovidermustbeabletoprotectthesignalsothatitcanchargepeopletoreceiveit.Smartcardsareemployedtosecurelyholdthedecryptionkeysthatallowaccesstosomeorallofthecontentinthestream.Thissystemhasbeencrackedseveraltimes,allowingasubsetofusersfreeaccesstothecontent;however,thesatelliteTVproviderslearnedfromtheirearlymistakesandupgradednewsmartcardstocorrecttheoldproblems.DRMwillalsobecomeveryimportantintheindustryofSoftwareasa
Service(SaaS).SimilartocompaniesthatprovidesatelliteTVservice,companiesthatprovideSaaSrelyonasubscriptionbasisforprofitability.Ifsomeonecouldpayforasinglelicenseandthendistributethattohundredsofemployees,theproviderwouldsoongooutofbusiness.Manysystemsinthepasthavebeencrackedbecausethekeywashousedinsidethesoftware.Thishaspromptedsomesystemstousespecifichardwaretostoreandprotectthekey.ThesedevicesarecommonlyknownasHardwareSecurityModules,orHSMs.Theyareusuallydesignedtoprotectthekeyinhardwaresothatevenifthedeviceistamperedwith,itwillnotrevealkeymaterial.Smartcardsareoneexampleofthistechnology.AnotherexampleishardwaretokenUSBkeysthatmustbeinsertedintothemachineforthesoftwaretodecryptandrun.Placingthekeysinhardwaremakesanattacktoretrievethemmuchharder,aconceptthatisemployedintheTrustedPlatformModule;infact,oneoftheprimarycomplaintsagainsttheTPMisitsinabilitytoenforceDRMrestrictions.
CryptographicApplications
Afewapplicationscanbeusedtoencryptdataconvenientlyonyourpersonalcomputer.(Thisisbynomeansacompletelistofeveryapplication.)PrettyGoodPrivacy(PGP)ismentionedinthisbookbecauseitisausefulprotocolsuite.CreatedbyPhilipZimmermannin1991,itpassedthroughseveralversionsthatwereavailableforfreeunderanoncommerciallicense.PGPisnowanenterpriseencryptionproduct,acquiredbytheSymantecCorporationin2010.PGPcanbeappliedtopopulare-mailprogramstohandlethemajorityofday-to-dayencryptiontasksusingacombinationofsymmetricandasymmetricencryptionprotocols.OneoftheuniquefeaturesofPGPisitsabilitytousebothsymmetricandasymmetricencryptionmethods,accessingthestrengthsofeachmethodandavoidingtheweaknessesofeachaswell.Symmetrickeysareusedforbulkencryption,takingadvantageofthespeedandefficiencyofsymmetricencryption.Thesymmetrickeysarepassedusingasymmetricmethods,capitalizingontheflexibilityofthismethod.PGP-basedtechnologyisnowsoldaspartofacommercialapplication,withhomeandcorporateversions.
CrossCheckPGPInChapter7youwilllearnsomeadditionaldetailsaboutPGP.Whyistheabilitytouseasymmetricandsymmetricencryptioninthesameprogramimportant?
GnuPG,orGnuPrivacyGuard,isanopensourceimplementationoftheOpenPGPstandard.Thiscommandline–basedtoolisapublickeyencryptionprogramdesignedtoprotectelectroniccommunicationssuchase-mail.ItoperatessimilarlytoPGPandincludesamethodformanagingpublic/privatekeys.Filesystemencryptionisbecomingastandardmeansofprotectingdata
whileinstorage.Evenharddrivesareavailablewithbuilt-inAESencryption.MicrosoftexpandeditsEncryptingFileSystem(EFS),availablesincetheWindows2000operatingsystem,withBitLocker,a
boot-sectorencryptionmethodthatprotectsdatathatwasintroducedwiththeWindowsVistaoperatingsystem.BitLockerisalsousedinWindowsServer2008andtheWindows7andbeyondoperatingsystems.BitLockerutilizesAESencryptiontoencrypteveryfileontheharddriveautomatically.Allencryptionoccursinthebackground,anddecryptionoccursseamlesslywhendataisrequested.ThedecryptionkeycanbestoredintheTPMoronaUSBkey.
DatabaseEncryptionDuepartlytoincreasedregulatoryconcernsandpartlytomoretargetedattacks,databaseshavebeguntooffernativesupportforencryption.Protectingdataatrestintheenterprisefrequentlyinvolvesdatastoredindatabases.Buildingdataprotectionmechanismsintothedatabasesystemsisnotnew(ithasbeenaroundforalongtime),butenterpriseadoptionofthisfunctionalityhasbeenslow.Symmetricencryptionalgorithmssuchas3DESandAESareusedtoencryptdatainternallyinthedatabase.Protectionmechanismsthatcanbemanagedbyrowandbycolumnareincludedinmostmajordatabaseapplications;thechallengeisinconvincingorganizationstousethisprovenprotectionmethodology.Itdoesaddcomplexitytothesystem,butintoday’senvironmentofdatabreachesandcorporateespionage,thecomplexityiseasiertomanagethantheeffectsofadataloss.
UseofProvenTechnologiesWhensettingupacryptographicscheme,itisimportanttouseproventechnologies.Provencryptographiclibrariesandprovencryptographicallycorrectrandomnumbergeneratorsarethefoundationalelementsassociatedwithasolidprogram.Homegrownorcustomelementsintheseareascangreatlyincreaseriskassociatedwithabrokensystem.Developingyourowncryptographicalgorithmsisbeyondtheabilitiesofmostgroups.Algorithmsarecomplexanddifficulttocreate.Anyalgorithmthathasnothadpublicreviewcanhaveweaknessesinthe
algorithm.Mostgoodalgorithmsareapprovedforuseonlyafteralengthytestandpublicreviewphase.
Chapter5Review
ForMoreInformationAppliedCryptography,SecondEdition,BruceSchneier(JohnWiley&Sons)
Cryptool:https://www.cryptool.org/en/
BruceSchneierBlog:https://www.schneier.com/cryptography.html
LabBookExercisesThefollowinglabexercisesfromthecompanionlabmanual,PrinciplesofComputerSecurityLabManual,FourthEdition,providepracticalapplicationofmaterialcoveredinthischapter:
ChapterSummaryAfterreadingthischapterandcompletingtheexercises,youshouldunderstandthefollowingaboutcryptography.
Understandthefundamentalsofcryptography
Understandthefundamentalmethods.
Understandhowtocomparestrengthsandperformanceofalgorithms.
Haveanappreciationofthehistoricalaspectsofcryptography.
Identifyanddescribethethreetypesofcryptography
Symmetriccryptographyisbasedupontheconceptofasharedsecretorkey.
Asymmetriccryptographyisbaseduponakeythatcanbemadeopenlyavailabletothepublic,yetstillprovidesecurity.
One-way,orhashing,cryptographytakesdataandenciphersit.However,thereisnowaytodecipheritandnokey.
Properrandomnumbergenerationisessentialforcryptographicuse,asthestrengthoftheimplementationfrequentlydependsuponitbeingtrulyrandomandunknown.
Listanddescribecurrentcryptographicalgorithms
Hashingistheuseofaone-wayfunctiontogenerateamessagesummaryfordataintegrity.
HashingalgorithmsincludeSHA(SecureHashAlgorithm)andMD(MessageDigest).
Symmetricencryptionisasharedsecretformofencryptingdataforconfidentiality;itisfastandreliable,butneedssecurekeymanagement.
SymmetricalgorithmsincludeDES(DataEncryptionStandard),3DES,AES(AdvancedEncryptionStandard),CAST,Blowfish,IDEA,andRC(RivestCipher)variants.
Asymmetricencryptionisapublic/privatekey-pairencryptionusedforauthentication,nonrepudiation,andconfidentiality.
AsymmetricalgorithmsincludeRSA,Diffie-Hellman,ElGamal,andECC.
Explainhowcryptographyisappliedforsecurity
Confidentialityisgainedbecauseencryptionisverygoodatscramblinginformationtomakeitlooklikerandomnoise,wheninfactakeycandecipherthemessageandreturnittoitsoriginalstate.
Integrityisgainedbecausehashingalgorithmsarespecificallydesignedtocheckintegrity.Theycanreduceamessagetoamathematicalvaluethatcanbeindependentlycalculated,guaranteeingthatanymessagealterationwouldchangethemathematicalvalue.
Nonrepudiationisthepropertyofnotbeingabletoclaimthatyoudidnotsendthedata.Thispropertyisgainedbecauseofthepropertiesofprivatekeys.
Authentication,orbeingabletoproveyouareyou,isachievedthroughtheprivatekeysinvolvedindigitalsignatures.
Theuseofkeygenerationmethodsincludingephemeralkeysandkeystretchingareimportanttoolsintheimplementationofstrongcryptosystems.
Digitalsignatures,combiningmultipletypesofencryption,provideanauthenticationmethodverifiedbyathirdparty,allowingyoutousethemasifyouwereactuallysigningthedocumentwithyourregularsignature.
Digitalrightsmanagement(DRM)usessomeformofasymmetricencryptionthatallowsanapplicationtodetermineifyouareanauthorizeduserofthedigitalcontentyouaretryingtoaccess.Forexample,thingslikeDVDsandcertaindigitalmusicformatssuchasAACSuseDRM.
Theprincipleofperfectforwardsecrecyprotectsfuturemessagesfrompreviousmessagekeydisclosures.
Provencryptographictechnologiesareimportantasmostcryptographicsystemsfailandonlyafewstandthetestoftime.Homebrewsystemsareripeforfailure.
Ciphersuitesprovideinformationtoassistdevelopersinchoosingthecorrectmethodstoachievedesiredlevelsofprotection.
KeyTermsalgorithm(96)blockcipher(104)ciphertext(94)collisionattack(99)confusion(120)cryptanalysis(90)cryptography(90)differentialcryptanalysis(91)diffusion(120)digitalrightsmanagement(121)digitalsignature(120)entropy(98)ephemeralkeys(119)eXclusiveOR(XOR)(97)hash(99)key(97)keyescrow(118)keymanagement(98)keyspace(93)keystretching(119)linearcryptanalysis(91)multipleencryption(104)perfectforwardsecrecy(120)plaintext(94)sharedsecret(103)shiftcipher(94)
steganography(114)streamcipher(107)substitution(92)transposition(92)transpositioncipher(93)trapdoorfunction(109)Vigenèrecipher(95)
KeyTermsQuizUsetermsfromtheKeyTermslisttocompletethesentencesthatfollow.Don’tusethesametermmorethanonce.Notalltermswillbeused.
1.Makingtwoinputsresultintheexactsamecryptographichashiscalleda(n)_______________.
2.Asimplewaytohideinformation,the_______________movesaletterasetnumberofplacesdownthealphabet.
3.Toprovideforperfectforwardsecurity,oneshoulduse_______________.
4._______________isrequiredforsymmetricencryption.5._______________istheevaluationofacryptosystemtotestits
security.
6._______________referstoeverypossiblevalueforacryptographickey.
7._______________isthefunctionmostcommonlyseenincryptography,a“bitwiseexclusive”or.
8.Themeasureofrandomnessinadatastreamiscalled_______________.
9.Processingthroughanalgorithmmorethanoncewithdifferentkeys
iscalled_______________.
10.Thebasisforsymmetriccryptographyistheprincipleofa(n)_______________.
Multiple-ChoiceQuiz1.Whenamessageissent,nomatterwhatitsformat,whydowecare
aboutitsintegrity?
A.Toensureproperformatting
B.Toshowthattheencryptionkeysareundamaged
C.Toshowthatthemessagehasnotbeeneditedintransit
D.Toshowthatnoonehasviewedthemessage
2.Howis3DESdifferentfrommanyothertypesofencryptiondescribedinthischapter?
A.Itonlyencryptsthehash.
B.Ithashesthemessagebeforeencryption.
C.Itusesthreekeysandmultipleencryptionand/ordecryptionsets.
D.Itcandisplaythekeypublicly.
3.Ifamessagehasahash,howdoesthehashprotectthemessageintransit?
A.Ifthemessageisedited,thehashwillnolongermatch.
B.Hashingdestroysthemessagesothatitcannotbereadbyanyone.
C.Hashingencryptsthemessagesothatonlytheprivatekeyholdercanreadit.
D.Thehashmakesthemessageuneditable.
4.Whatisthebiggestdrawbacktosymmetricencryption?A.Itistooeasilybroken.
B.Itistooslowtobeeasilyusedonmobiledevices.
C.Itrequiresakeytobesecurelyshared.
D.ItisavailableonlyonUNIX.
5.WhatisDiffie-Hellmanmostcommonlyusedfor?A.Symmetricencryptionkeyexchange
B.Signingdigitalcontracts
C.Securee-mail
D.Storingencryptedpasswords
6.Whatispublickeycryptographyamorecommonnamefor?A.Asymmetricencryption
B.SHA
C.Symmetricencryption
D.Hashing
7.Whatalgorithmcanbeusedtoprovideforkeystretching?A.PBKDF2
B.SHA356
C.RIPEMD
D.3DES
8.Agoodhashfunctionisresistanttowhat?
A.Brute-forcing
B.Rainbowtables
C.Interception
D.Collisions
9.Howis3DESanimprovementovernormalDES?A.Itusespublicandprivatekeys.
B.Ithashesthemessagebeforeencryption.
C.Itusesthreekeysandmultipleencryptionand/ordecryptionsets.
D.ItisfasterthanDES.
10.Whatisthebestkindofkeytohave?A.Easytoremember
B.Longandrandom
C.Longandpredictable
D.Short
EssayQuiz1.Describehowpolyalphabeticsubstitutionworks.2.Explainwhyasymmetricencryptioniscalledpublickeyencryption.3.Describecryptanalysis.
LabProjects
•LabProject5.1Usingautilityprogram,demonstratehowsinglecharacterchangescanmakesubstantialchangestohashvalues.
•LabProject5.2Createakeysetanduseittotransferafilesecurely.
chapter6 PublicKeyInfrastructure
Withouttrust,thereisnothing.
—ANONYMOUS
P
Inthischapter,youwilllearnhowto
Implementthebasicsofpublickeyinfrastructures
Describetheroleofregistrationauthorities
Usedigitalcertificates
Understandthelifecycleofcertificates
Explaintherelationshipbetweentrustandcertificateverification
Describetherolesofcertificateauthoritiesandcertificaterepositories
Identifycentralizedanddecentralizedinfrastructures
Describepublicandin-housecertificateauthorities
ublickeyinfrastructures(PKIs)arebecomingacentralsecurityfoundationformanagingidentitycredentialsinmanycompanies.Thetechnologymanagestheissueofbindingpublickeysandidentities
acrossmultipleapplications.Theotherapproach,withoutPKIs,istoimplementmanydifferentsecuritysolutionsandhopeforinteroperabilityandequallevelsofprotection.PKIscompriseseveralcomponents,includingcertificates,registration
andcertificateauthorities,andastandardprocessforverification.PKIsareaboutmanagingthesharingoftrustandusingathirdpartytovouchforthetrustworthinessofaclaimofownershipoveracredentialdocument,calledacertificate.
TheBasicsofPublicKeyInfrastructuresApublickeyinfrastructure(PKI)providesallthecomponentsnecessaryfordifferenttypesofusersandentitiestobeabletocommunicatesecurelyandinapredictablemanner.APKIismadeupofhardware,applications,policies,services,programminginterfaces,cryptographicalgorithms,protocols,users,andutilities.Thesecomponentsworktogethertoallow
communicationtotakeplaceusingpublickeycryptographyandsymmetrickeysfordigitalsignatures,dataencryption,andintegrity.
CrossCheckPKIsandEncryptionThetechnologiesusedinPKIincludemanycryptographicalgorithmsandmechanisms.EncryptiontechnologiesandpublickeyprincipleswerecoveredinChapter5.Abasicunderstandingofpublicandprivatekeysandtheirrelationshiptopublickeyencryptionisaprerequisiteforthischapter.Ifneeded,reviewthatmaterialbeforeyouattemptthedetailsofPKIinthischapter.
Althoughmanydifferentapplicationsandprotocolscanprovidethesametypeoffunctionality,constructingandimplementingaPKIboilsdowntoestablishingaleveloftrust.If,forexample,JohnandDianewanttocommunicatesecurely,Johncangeneratehisownpublic/privatekeypairandsendhispublickeytoDiane,orhecanplacehispublickeyinadirectorythatisavailabletoeveryone.IfDianereceivesJohn’spublickey,eitherfromhimorfromapublicdirectory,howdoessheknowthekeyreallycamefromJohn?Maybeanotherindividual,Katie,ismasqueradingasJohnandhasreplacedJohn’spublickeywithherown,asshowninFigure6.1(referredtoasaman-in-the-middleattack).Ifthistookplace,DianewouldbelievethathermessagescouldbereadonlybyJohnandthatthereplieswereactuallyfromhim.However,shewouldactuallybecommunicatingwithKatie.Whatisneededisawaytoverifyanindividual’sidentity,toensurethataperson’spublickeyisboundtotheiridentityandthusensurethatthepreviousscenario(andothers)cannottakeplace.
•Figure6.1WithoutPKIs,individualscouldspoofothers’identities.
InPKIenvironments,entitiescalledregistrationauthorities(RAs)andcertificateauthorities(CAs)provideservicessimilartothoseoftheDepartmentofMotorVehicles(DMV).WhenJohngoestoregisterforadriver’slicense,hehastoprovehisidentitytotheDMVbyprovidinghispassport,birthcertificate,orotheridentificationdocumentation.IftheDMVissatisfiedwiththeproofJohnprovides(andJohnpassesadrivingtest),theDMVwillcreateadriver’slicensethatcanthenbeusedbyJohntoprovehisidentity.WheneverJohnneedstoidentifyhimself,hecanshowhisdriver’slicense.AlthoughmanypeoplemaynottrustJohntoidentifyhimselftruthfully,theydotrustthethirdparty,theDMV.InthePKIcontext,whilesomevariationsexistinspecificproducts,the
RAwillrequireproofofidentityfromtheindividualrequestingacertificateandwillvalidatethisinformation.TheRAwillthenadvisetheCAtogenerateacertificate,whichisanalogoustoadriver’slicense.TheCAwilldigitallysignthecertificateusingitsprivatekey.TheuseoftheprivatekeyensurestotherecipientthatthecertificatecamefromtheCA.WhenDianereceivesJohn’scertificateandverifiesthatitwasactuallydigitallysignedbyaCAthatshetrusts,shewillbelievethatthecertificateisactuallyJohn’s—notbecauseshetrustsJohn,butbecauseshetruststheentitythatisvouchingforhisidentity(theCA).
TechTip
PublicandPrivateKeysRecallfromChapter5thatthepublickeyistheonethatyougivetoothersandtheprivatekeyneverleavesyourpossession.Anythingonekeydoes,theotherundoes,soifyouencryptsomethingwiththepublickey,onlytheholderoftheprivatekeycandecryptit.Ifyouencryptsomethingwiththeprivatekey,theneveryonewhousesthepublickeyknowsthattheholderoftheprivatekeydidtheencryption.Certificatesdonotalteranyofthis;theyonlyofferastandardmeansoftransferringkeys.
Thisiscommonlyreferredtoasathird-partytrustmodel.Publickeysarecomponentsofdigitalcertificates,sowhenDianeverifiestheCA’sdigitalsignature,thisverifiesthatthecertificateistrulyJohn’sandthatthepublickeythecertificatecontainsisalsoJohn’s.ThisishowJohn’sidentityisboundtohispublickey.ThisprocessallowsJohntoauthenticatehimselftoDianeandothers.
Usingthethird-partycertificate,JohncancommunicatewithDiane,usingpublickeyencryption,withoutpriorcommunicationorapreexistingrelationship.OnceDianeisconvincedofthelegitimacyofJohn’spublickey,shecan
useittoencryptmessagesbetweenherselfandJohn,asillustratedinFigure6.2.
•Figure6.2Publickeysarecomponentsofdigitalcertificates.
Numerousapplicationsandprotocolscangeneratepublic/privatekeypairsandprovidefunctionalitysimilartowhataPKIprovides,butnotrustedthirdpartyisavailableforbothofthecommunicatingparties.Foreachpartytochoosetocommunicatethiswaywithoutathirdpartyvouchingfortheother’sidentity,thetwomustchoosetotrusteachother
andthecommunicationchanneltheyareusing.Inmanysituations,itisimpracticalanddangeroustoarbitrarilytrustanindividualyoudonotknow,andthisiswhenthecomponentsofaPKImustfallintoplace—toprovidethenecessaryleveloftrustyoucannot,orchoosenotto,provideonyourown.
ExamTip:PKIsarecomposedofseveralelements:
•Certificates(containingkeys)
•Certificateauthorities(CAs)•Registrationauthorities(RAs)•Certificaterevocationlists(CRLs)•Trustmodels
Whatdoesthe“infrastructure”in“publickeyinfrastructure”reallymean?Aninfrastructureprovidesasustaininggroundworkuponwhichotherthingscanbebuilt.Soaninfrastructureworksatalowleveltoprovideapredictableanduniformenvironmentthatallowsother,higher-leveltechnologiestoworktogetherthroughuniformaccesspoints.Theenvironmentthattheinfrastructureprovidesallowsthesehigher-levelapplicationstocommunicatewitheachotherandgivesthemtheunderlyingtoolstocarryouttheirtasks.
CertificateAuthoritiesAcertificateauthority(CA)isatrustedauthoritythatcertifiesindividuals’identitiesandcreateselectronicdocumentsindicatingthatindividualsarewhotheysaytheyare.Theelectronicdocumentisreferredtoasadigitalcertificate,anditestablishesanassociationbetweenthesubject’sidentityandapublickey.Theprivatekeythatispairedwiththepublickeyinthecertificateisstoredseparately.
AsnotedinChapter5,itisimportanttosafeguardtheprivatekey.Typically,itshouldneverleavethemachineordevicewhereitwascreated.
ACAismorethanjustapieceofsoftware,however;itisactuallymadeupofthesoftware,hardware,procedures,policies,andpeoplewhoareinvolvedinvalidatingindividuals’identitiesandgeneratingthecertificates.Thismeansthatifoneofthesecomponentsiscompromised,itcannegativelyaffecttheCAoverallandcanthreatentheintegrityofthecertificatesitproduces.
CrossCheckCertificatesStoredonaClientPCCertificatesarestoredonuserPCs.Chapter17coverstheuseoftheInternetandassociatedmaterials,includingtheuseofcertificatesbywebbrowsers.TakeamomenttoexplorethecertificatesstoredonyourPCbyyourbrowser.Tounderstandthedetailsbehindhowcertificatesarestoredandmanaged,thereaderisdirectedtothedetailsinChapter17.
EveryCAshouldhaveacertificationpracticesstatement(CPS)thatoutlineshowidentitiesareverified;thestepstheCAfollowstogenerate,maintain,andtransmitcertificates;andwhytheCAcanbetrustedtofulfillitsresponsibilities.TheCPSdescribeshowkeysaresecured,whatdataisplacedwithina
digitalcertificate,andhowrevocationswillbehandled.IfacompanyisgoingtouseanddependonapublicCA,thecompany’ssecurityofficers,administrators,andlegaldepartmentshouldreviewtheCA’sentireCPStoensurethatitwillproperlymeetthecompany’sneeds,andtomakesurethatthelevelofsecurityclaimedbytheCAishighenoughfortheiruseandenvironment.AcriticalaspectofaPKIisthetrustbetweentheusersandtheCA,sotheCPSshouldbereviewedandunderstoodtoensurethat
thisleveloftrustiswarranted.Thecertificateserveristheactualservicethatissuescertificatesbased
onthedataprovidedduringtheinitialregistrationprocess.Theserverconstructsandpopulatesthedigitalcertificatewiththenecessaryinformationandcombinestheuser’spublickeywiththeresultingcertificate.ThecertificateisthendigitallysignedwiththeCA’sprivatekey.
TechTip
TrustingCAsThequestionofwhetheraCAcanbetrustedispartofthecontinuingdebateonhowmuchsecurityPKIsactuallyprovide.Overall,peopleputalotoffaithinCAs.ThecompaniesthatprovideCAservicesunderstandthisandalsounderstandthattheirbusinessisbasedontheirreputation.IfaCAwascompromisedordidnotfollowthroughonitsvariousresponsibilities,wordwouldgetoutanditwouldquicklylosecustomersandbusiness.CAsworkdiligentlytoensurethatthereputationoftheirproductsandservicesremainsgoodbyimplementingverysecurefacilities,methods,procedures,andpersonnel.Butitisuptothecompanyorindividualtodeterminewhatdegreeoftrustcanactuallybegivenandwhatlevelofriskisacceptable.
RegistrationAuthoritiesAregistrationauthority(RA)isthePKIcomponentthatacceptsarequestforadigitalcertificateandperformsthenecessarystepsofregisteringandauthenticatingthepersonrequestingthecertificate.Theauthenticationrequirementsdifferdependingonthetypeofcertificatebeingrequested.MostCAsofferaseriesofclassesofcertificateswithincreasingtrustbyclass.ThespecificclassesaredescribedintheupcomingTechTipsidebar,“CertificateClasses.”Eachhigherclassofcertificatecancarryoutmorepowerfulandcritical
tasksthantheonebelowit.Thisiswhythedifferentclasseshavedifferentrequirementsforproofofidentity.IfyouwanttoreceiveaClass1
certificate,youmayonlybeaskedtoprovideyourname,e-mailaddress,andphysicaladdress.ForaClass2certification,youmayneedtoprovidetheRAwithmoredata,suchasyourdriver’slicense,passport,andcompanyinformation,thatcanbeverified.ToobtainaClass3certificate,youwillbeaskedtoprovideevenmoreinformationandmostlikelywillneedtogototheRA’sofficeforaface-to-facemeeting.EachCAwilloutlinethecertificationclassesitprovidesandtheidentificationrequirementsthatmustbemettoacquireeachtypeofcertificate.
TechTip
CertificateClassesThetypesofcertificatesavailablecanvarybetweendifferentCAs,butusuallyatleastthreedifferenttypesareavailable,andtheyarereferredtoasclasses:
Class1AClass1certificateisusuallyusedtoverifyanindividual’sidentitythroughe-mail.ApersonwhoreceivesaClass1certificatecanusehispublic/privatekeypairtodigitallysigne-mailandencryptmessagecontents.
Class2AClass2certificatecanbeusedforsoftwaresigning.Asoftwarevendorwouldregisterforthistypeofcertificatesothatitcoulddigitallysignitssoftware.Thisprovidesintegrityforthesoftwareafteritisdevelopedandreleased,anditallowsthereceiverofthesoftwaretoverifyfromwherethesoftwareactuallycame.
Class3AClass3certificatecanbeusedbyacompanytosetupitsownCA,whichwillallowittocarryoutitsownidentificationverificationandgeneratecertificatesinternally.
Inmostsituations,whenauserrequestsaClass1certificate,theregistrationprocesswillrequiretheusertoenterspecificinformationintoaweb-basedform.Thewebpagewillhaveasectionthatacceptstheuser’spublickey,oritwillsteptheuserthroughcreatingapublic/privatekeypair,whichwillallowtheusertochoosethesizeofthekeystobecreated.Oncethesestepshavebeencompleted,thepublickeyisattachedtothecertificateregistrationformandbothareforwardedtotheRAforprocessing.TheRAisresponsibleonlyfortheregistrationprocessandcannotactuallygenerateacertificate.OncetheRAisfinishedprocessing
therequestandverifyingtheindividual’sidentity,theRAsendstherequesttotheCA.TheCAusestheRA-providedinformationtogenerateadigitalcertificate,integratesthenecessarydataintothecertificatefields(useridentificationinformation,publickey,validitydates,properuseforthekeyandcertificate,andsoon),andsendsacopyofthecertificatetotheuser.ThesestepsareshowninFigure6.3.Thecertificatemayalsobepostedtoapubliclyaccessibledirectorysothatotherscanaccessit.
•Figure6.3Stepsforobtainingadigitalcertificate
Notethata1:1correspondencedoesnotnecessarilyexistbetweenidentitiesandcertificates.Anentitycanhavemultiplekeypairs,usingseparatepublickeysforseparatepurposes.Thus,anentitycanhavemultiplecertificates,eachattestingtoseparatepublickeyownership.Itisalsopossibletohavedifferentclassesofcertificates,againwithdifferentkeys.Thisflexibilityallowsentitiestotaldiscretioninhowtheymanagetheirkeys,andthePKImanagesthecomplexitybyusingaunifiedprocessthatallowskeyverificationthroughacommoninterface.Ifanapplicationcreatesakeystorethatcanbeaccessedbyother
applications,itwillprovideastandardizedinterface,calledtheapplicationprogramminginterface(API).Asanexample,Figure6.4showsthatapplicationAwentthroughtheprocessofregisteringacertificateandgeneratingakeypair.Itcreatedakeystorethatprovidesaninterfacetoallowotherapplicationstocommunicatewithitandusetheitemsheldwithinthestore.Thelocalkeystoreisjustonelocationwheretheseitemscanbeheld.
Oftenthedigitalcertificateandpublickeyarealsostoredinacertificaterepository(asdiscussedinthe“CertificateRepositories”sectionofthischapter)sothatitisavailabletoasubsetofindividuals.
•Figure6.4Somekeystorescanbesharedbydifferentapplications.
ExamTip:TheRAverifiestheidentityofthecertificaterequestoronbehalfoftheCA.TheCAgeneratesthecertificateusinginformationforwardedbytheRA.
LocalRegistrationAuthoritiesAlocalregistrationauthority(LRA)performsthesamefunctionsasan
RA,buttheLRAisclosertotheendusers.ThiscomponentisusuallyimplementedincompaniesthathavetheirowninternalPKIsandhavedistributedsites.EachsitehasusersthatneedRAservices,soinsteadofrequiringthemtocommunicatewithonecentralRA,eachsitecanhaveitsownLRA.Thisreducestheamountoftrafficthatwouldbecreatedbyseveralusersmakingrequestsacrosswideareanetwork(WAN)lines.TheLRAperformsidentification,verification,andregistrationfunctions.Itthensendstherequest,alongwiththeuser’spublickey,toacentralizedCAsothatthecertificatecanbegenerated.ItactsasaninterfacebetweentheusersandtheCA.LRAssimplifytheRA/CAprocessforentitiesthatdesirecertificatesonlyforin-houseuse.
TechTip
SharingKeyStoresDifferentapplicationsfromthesamevendormaysharekeystores.MicrosoftapplicationskeepuserkeysandcertificatesinaRegistryentrywithinthatuser’sprofile.Theapplicationscanthensaveandretrievethemfromthissinglelocationorkeystore.OtherapplicationscouldalsousethesamekeysiftheyknewwheretheywerestoredbyusingRegistryAPIcalls.
DigitalCertificatesAdigitalcertificatebindsanindividual’sidentitytoapublickey,anditcontainsalltheinformationareceiverneedstobeassuredoftheidentityofthepublickeyowner.AfteranRAverifiesanindividual’sidentity,theCAgeneratesthedigitalcertificate,buthowdoestheCAknowwhattypeofdatatoinsertintothecertificate?ThecertificatesarecreatedandformattedbasedontheX.509standard,
whichoutlinesthenecessaryfieldsofacertificateandthepossiblevaluesthatcanbeinsertedintothefields.Asofthiswriting,X.509version3isthemostcurrentversionofthestandard.X.509isastandardoftheInternationalTelecommunicationUnion(www.itu.int).TheIETF’sPublic
KeyInfrastructure(X.509),orPKIX,workinggrouphasadaptedtheX.509standardtothemoreflexibleorganizationoftheInternet,asspecifiedinRFC5280,andiscommonlyreferredtoasPKIXforPublicKeyInfrastructureX.509.Table6.1listsanddescribesthefieldsinanX.509certificate.
Table6.1 X.509CertificateFields
Figure6.5showstheactualvaluesofthedifferentcertificatefieldsforaparticularcertificateinInternetExplorer.TheversionofthiscertificateisV3(X.509v3)andtheserialnumberisalsolisted—thisnumberisuniqueforeachcertificatethatiscreatedbyaspecificCA.TheCAusedtheMD5hashingalgorithmtocreatethemessagedigestvalueandthensigneditusingtheCA’sprivatekeyusingtheRSAalgorithm.TheactualCAthatissuedthecertificateisRootSGCAuthority,andthevaliddatesindicatehowlongthiscertificateisvalid.ThesubjectisMSSGCAuthority,whichistheentitythatregisteredthiscertificateandthatisboundtotheembeddedpublickey.Theactualpublickeyisshowninthelowerwindowandisrepresentedinhexadecimal.
•Figure6.5Fieldswithinadigitalcertificate
Thesubjectofacertificateiscommonlyaperson,butitdoesnothavetobe.Thesubjectcanalsobeanetworkdevice(router,webserver,firewall,andsoon),anapplication,adepartment,oracompany.Eachhasitsownidentitythatneedstobeverifiedandproventoanotherentitybeforesecure,trustedcommunicationcanbeinitiated.Ifanetworkdeviceisusingacertificateforauthentication,thecertificatemaycontaintheidentityofthatdevice.Thisallowsauserofthedevicetoverifyitsauthenticitybasedonthesignedcertificateandtrustinthesigningauthority.Thistrustcanbetransferredtotheidentityofthedeviceindicatingauthenticity.
TechTip
X.509DigitalCertificateExtensionsFollowingaresomekeyexamplesofcertificateextensions:
DigitalSignatureThekeyusedtoverifyadigitalsignature
KeyEnciphermentThekeyusedtoencryptotherkeysusedforsecurekeydistribution
DataEnciphermentThekeyusedtoencryptdata,whichcannotbeusedtoencryptotherkeys
CRLSignThekeyusedtoverifyaCAsignatureonaCRL
KeyCertSignThekeyusedtoverifyCAsignaturesoncertificates
NonRepudiationThekeyusedwhenanonrepudiationserviceisbeingprovided
CertificateExtensionsCertificateextensionsallowforfurtherinformationtobeinsertedwithinthecertificate,whichcanbeusedtoprovidemorefunctionalityinaPKIimplementation.Certificateextensionscanbestandardorprivate.StandardcertificateextensionsareimplementedforeveryPKI
implementation.Privatecertificateextensionsaredefinedforspecificorganizations(ordomainswithinoneorganization),andtheyallowcompaniestofurtherdefinedifferent,specificusesfordigitalcertificatestobestfittheirbusinessneeds.Severaldifferentextensionscanbeimplemented,onebeingkeyusage
extensions,whichdictatehowthepublickeythatisheldwithinthecertificatecanbeused.Rememberthatpublickeyscanbeusedfordifferentfunctions:symmetrickeyencryption,dataencryption,verifyingdigitalsignatures,andmore.Anonrepudiationservicecanbeprovidedbyathird-partynotary.Inthis
situation,thesender’sdigitalsignatureisverifiedandthensignedbythenotarysothatthesendercannotlaterdenysigningandsendingthemessage.Thisisbasicallythesamefunctionperformedbyatraditionalnotaryusingpaper—validatethesender’sidentityandvalidatethetimeanddateofanitembeingsignedandsent.Thisisrequiredwhenthereceiverneedstobereallysureofthesender’sidentityandwantstobelegallyprotectedagainstpossiblefraudorforgery.Ifacompanyneedstobesurethataccountablenonrepudiationservices
willbeprovided,atrustedtimesourceneedstobeused,whichcanbeatrustedthirdpartycalledatimestampauthority(TSA).Usingatrustedtimesourcegivesusersahigherlevelofconfidenceastowhenspecificmessagesweredigitallysigned.Forexample,supposeBarrysendsRonamessageanddigitallysignsit,andRonlatercivillysuesBarryoveradispute.ThisdigitallysignedmessagemaybesubmittedbyRonasevidencepertainingtoanearlieragreementthatBarrynowisnotfulfilling.IfatrustedtimesourcewasnotusedintheirPKIenvironment,Barrycouldclaimthathisprivatekeyhadbeencompromisedbeforethatmessagewassent.Ifatrustedtimesourcewasimplemented,thenitcouldbeshownthatthemessagewassignedbeforethedateonwhichBarryclaimshiskeywascompromised.Ifatrustedtimesourceisnotused,noactivitythatwascarriedoutwithinaPKIenvironmentcanbetrulyprovenbecauseitissoeasytochangesystemandsoftwaretimesettings.
TechTip
CriticalFlagandCertificateUsageWhenanextensionismarkedascritical,itmeansthattheCAiscertifyingthekeyforonlythatspecificpurpose.IfJoereceivesacertificatewithaDigitalSignaturekeyusageextensionandthecriticalflagisset,Joecanusethepublickeyonlywithinthatcertificatetovalidatedigitalsignatures,andnomore.Iftheextensionwasmarkedasnoncritical,thekeycanbeusedforpurposesoutsideofthoselistedintheextensions,sointhiscaseitisuptoJoe(andhisapplications)todecidehowthekeywillbeused.
CriticalandNoncriticalExtensionsCertificateextensionsareconsideredeithercriticalornoncritical,whichisindicatedbyaspecificflagwithinthecertificateitself.Whenthisflagissettocritical,itmeansthattheextensionmustbeunderstoodandprocessedbythereceiver.Ifthereceiverisnotconfiguredtounderstandaparticularextensionmarkedascritical,andthuscannotprocessitproperly,thecertificatecannotbeusedforitsproposedpurpose.Iftheflagdoesnotindicatethattheextensioniscritical,thecertificatecanbeusedfortheintendedpurpose,evenifthereceiverdoesnotprocesstheappendedextension.
CertificateAttributesFourmaintypesofcertificatesareused:
End-entitycertificates
CAcertificates
Cross-certificationcertificates
Policycertificates
End-entitycertificatesareissuedbyaCAtoaspecificsubject,suchas
Joyce,theAccountingdepartment,orafirewall,asillustratedinFigure6.6.Anend-entitycertificateistheidentitydocumentprovidedbyPKIimplementations.
•Figure6.6End-entityandCAcertificates
ACAcertificatecanbeself-signed,inthecaseofastandaloneorrootCA,oritcanbeissuedbyasuperiorCAwithinahierarchicalmodel.InthemodelinFigure6.6,thesuperiorCAgivestheauthorityandallowsthesubordinateCAtoacceptcertificaterequestsandgeneratetheindividualcertificatesitself.ThismaybenecessarywhenacompanyneedstohavemultipleinternalCAs,anddifferentdepartmentswithinanorganizationneedtohavetheirownCAsservicingtheirspecificend-entitiesintheirsections.Inthesesituations,arepresentativefromeachdepartmentrequiringaCAregisterswiththehighertrustedCAandrequestsaCertificateAuthoritycertificate.(PublicandprivateCAsarediscussedinthe“PublicCertificateAuthorities”and“In-HouseCertificateAuthorities”sectionslaterinthischapter,asarethedifferenttrustmodelsthatareavailableforcompanies.)Across-certificationcertificate,orcross-certificate,isusedwhen
independentCAsestablishpeer-to-peertrustrelationships.Simplyput,cross-certificatesareamechanismthroughwhichoneCAcanissueacertificateallowingitsuserstotrustanotherCA.WithinsophisticatedCAsusedforhigh-securityapplications,a
mechanismisrequiredtoprovidecentrallycontrolledpolicyinformationtoPKIclients.Thisisoftendonebyplacingthepolicyinformationinapolicycertificate.
CertificateLifecyclesKeysandcertificatesshouldhavelifetimesettingsthatforcetheusertoregisterforanewcertificateafteracertainamountoftime.Determiningtheproperlengthoftheselifetimesisatrade-off:shorterlifetimeslimittheabilityofattackerstocrackthem,butlongerlifetimeslowersystemoverhead.More-sophisticatedPKIimplementationsperformautomatedandoftentransparentkeyupdatestoavoidthetimeandexpenseofhavingusersregisterfornewcertificateswhenoldonesexpire.
Thismeansthatthecertificateandkeypairhasalifecyclethatmustbemanaged.Certificatemanagementinvolvesadministratingandmanagingeachofthesephases,includingregistration,certificateandkeygeneration,renewal,andrevocation.AdditionalmanagementfunctionsincludeCRLdistribution,certificatesuspension,andkeydestruction.
Settingcertificatelifetimeswayintothefutureandusingthemforlongperiodsoftimeprovidesattackerswithextendedwindowstoattackthecryptography.AsstatedinChapter5,cryptographymerelybuystimeagainstanattacker;itisneveranabsoluteguarantee.
RegistrationandGenerationAkeypair(publicandprivatekeys)canbegeneratedlocallybyanapplicationandstoredinalocalkeystoreontheuser’sworkstation.Thekeypaircanalsobecreatedbyacentralkey-generationserver,whichwillrequiresecuretransmissionofthekeystotheuser.Thekeypairthatiscreatedonthecentralizedservercanbestoredontheuser’sworkstationorontheuser’ssmartcard,whichwillallowformoreflexibilityandmobility.Theactofverifyingthatanindividualindeedhasthecorresponding
privatekeyforagivenpublickeyisreferredtoasproofofpossession.Notallpublic/privatekeypairscanbeusedfordigitalsignatures,soaskingtheindividualtosignamessageandreturnittoprovethatshehasthenecessaryprivatekeywillnotalwayswork.Ifakeypairisusedforencryption,theRAcansendachallengevaluetotheindividual,who,inturn,canuseherprivatekeytoencryptthatvalueandreturnittotheRA.IftheRAcansuccessfullydecryptthisvaluewiththepublickeythatwasprovidedearlier,theRAcanbeconfidentthattheindividualhasthenecessaryprivatekeyandcancontinuethroughtherestoftheregistrationphase.
Keyregenerationandreplacementisusuallydonetoprotectagainstthesetypesofthreats,althoughastheprocessingpowerofcomputersincreasesandourknowledgeofcryptographyandnewpossiblecryptanalysis-basedattacksexpands,keylifetimesmaydrasticallydecrease.Aswitheverythingwithinthesecurityfield,itisbettertobesafenowthantobesurprisedlaterandsorry.
ExamTip:Goodkeymanagementandproperkeyreplacementintervalsprotectkeysfrombeingcompromisedthroughhumanerror.Choosingalargekeysizemakesabrute-forceattackmoredifficult.
ThePKIadministratorusuallyconfigurestheminimumrequiredkeysizethatusersmustusetohaveakeygeneratedforthefirsttime,andthenforeachrenewal.Inmostapplications,thereisadrop-downlistofpossiblealgorithmstochoosefrom,andpossiblekeysizes.Thekeysizeshouldprovidethenecessarylevelofsecurityforthecurrentenvironment.Thelifetimeofthekeyshouldbelongenoughthatcontinualrenewalwillnotnegativelyaffectproductivity,butshortenoughtoensurethatthekeycannotbesuccessfullycompromised.
TechTip
Centralizedvs.LocalKeyGenerationInmostmodernPKIimplementations,usershavetwokeypairs.Onekeypairisoftengeneratedbyacentralserverandusedforencryptionandkeytransfers.ThisallowsthecorporatePKItoretainacopyoftheencryptionkeypairforrecovery,ifnecessary.Thesecondkeypair,adigitalsignaturekeypair,isusuallygeneratedbytheusertomakesurethatsheistheonlyonewithacopyoftheprivatekey.Nonrepudiationcanbechallengedifthereisanydoubtaboutsomeoneelseobtainingacopyofanindividual’ssignatureprivatekey.Ifthekeypairwascreatedonacentralizedserver,thatcouldweakenthecasethattheindividualwastheonlyonewhohadacopyofherprivatekey.Ifacopyofauser’ssignatureprivatekeyisstoredanywhereotherthaninherpossession,orifthereisapossibilityofsomeoneobtainingtheuser’skey,thentruenonrepudiationcannotbeprovided.
CSRAcertificatesigningrequest(CSR)istheactualrequesttoaCAcontainingapublickeyandtherequisiteinformationneededtogenerateacertificate.TheCSRcontainsalloftheidentifyinginformationthatistobeboundtothekeybythecertificategenerationprocess.
RenewalThecertificateitselfhasitsownlifetime,whichcanbedifferentfromthekeypair’slifetime.Thecertificate’slifetimeisspecifiedbythevaliditydatesinsertedintothedigitalcertificate.Thesearebeginningandendingdatesindicatingthetimeperiodduringwhichthecertificateisvalid.Thecertificatecannotbeusedbeforethestartdate,andoncetheenddateismet,thecertificateisexpiredandanewcertificatewillneedtobeissued.ArenewalprocessisdifferentfromtheregistrationphaseinthattheRA
assumesthattheindividualhasalreadysuccessfullycompletedoneregistrationround.Ifthecertificatehasnotactuallybeenrevoked,theoriginalkeysandcertificatecanbeusedtoprovidethenecessaryauthenticationinformationandproofofidentityfortherenewalphase.Thecertificatemayormaynotneedtochangeduringtherenewal
process;thisusuallydependsonwhytherenewalistakingplace.Ifthecertificatejustexpiredandthekeyswillstillbeusedforthesamepurpose,anewcertificatecanbegeneratedwithnewvaliditydates.If,however,thekeypairfunctionalityneedstobeexpandedorrestricted,newattributesandextensionsmayneedtobeintegratedintothenewcertificate.Thesenewfunctionalitiesmayrequiremoreinformationtobegatheredfromtheindividualrenewingthecertificate,especiallyiftheclasschangesorthenewkeyusesallowformorepowerfulabilities.Thisrenewalprocessisrequiredwhenthecertificatehasfulfilledits
lifetimeanditsendvaliditydatehasbeenmet.
SuspensionWhentheownerofacertificatewishestomarkacertificateasnolongervalidpriortoitsnaturalexpiration,twochoicesexist:revocationandsuspension.Revocation,discussedinthenextsection,isanactionwithapermanentoutcome.Insteadofbeingrevoked,acertificatecanbesuspended,meaningitistemporarilyputonhold.If,forexample,Bobistakinganextendedvacationandwantstoensurethathiscertificatewillnotbecompromisedorusedduringthattime,hecanmakeasuspensionrequesttotheCA.TheCRLwouldlistthiscertificateanditsserialnumber,andinthefieldthatdescribeswhythecertificateisrevoked,itwouldinsteadindicateaholdstate.OnceBobreturnstowork,hecanmakearequesttotheCAtoremovehiscertificatefromthelist.
ExamTip:Acertificatesuspensioncanbeausefulprocesstoolwhileinvestigatingwhetherornotacertificateshouldbeconsideredtobevalid.
Anotherreasontosuspendacertificateisifanadministratorissuspiciousthataprivatekeymighthavebeencompromised.Whiletheissueisunderinvestigation,thecertificatecanbesuspendedtoensurethatitcannotbeused.
Relyingonanexpirationdateonacertificateto“destroy”theutilityofakeywillnotwork.Anewcertificatecanbeissuedwithan“extendeddate.”Toendtheuseofakeyset,anentryinaCRListheonlysurewaytopreventreissuanceandre-datingofacertificate.
Revocation
Acertificatecanberevokedwhenitsvalidityneedstobeendedbeforeitsactualexpirationdateismet,andthiscanoccurformanyreasons:forexample,ausermayhavelostalaptoporasmartcardthatstoredaprivatekey;animpropersoftwareimplementationmayhavebeenuncoveredthatdirectlyaffectedthesecurityofaprivatekey;ausermayhavefallenvictimtoasocialengineeringattackandinadvertentlygivenupaprivatekey;dataheldwithinthecertificatemaynolongerapplytothespecifiedindividual;orperhapsanemployeeleftacompanyandshouldnotbeidentifiedasamemberofanin-housePKIanylonger.Inthelastinstance,thecertificate,whichwasboundtotheuser’skeypair,identifiedtheuserasanemployeeofthecompany,andtheadministratorwouldwanttoensurethatthekeypaircouldnotbeusedinthefuturetovalidatethisperson’saffiliationwiththecompany.Revokingthecertificatedoesthis.
Oncerevoked,acertificatecannotbereinstated.Thisistopreventanunauthorizedreinstatementbysomeonewhohasunauthorizedaccesstothekey(s).Akeypaircanbereinstatedforusebyissuinganewcertificateifatalatertimethekeysarefoundtobesecure.Theoldcertificatewouldstillbevoid,butthenewonewouldbevalid.
Ifanyofthesethingshappens,auser’sprivatekeyhasbeencompromisedorshouldnolongerbemappedtotheowner’sidentity.Adifferentindividualmayhaveaccesstothatuser’sprivatekeyandcoulduseittoimpersonateandauthenticateastheoriginaluser.Iftheimpersonatorusedthekeytodigitallysignamessage,thereceiverwouldverifytheauthenticityofthesenderbyverifyingthesignaturebyusingtheoriginaluser’spublickey,andtheverificationwouldgothroughperfectly—thereceiverwouldbelieveitcamefromthepropersenderandnottheimpersonator.Ifreceiverscouldlookatalistofcertificatesthathadbeenrevokedbeforeverifyingthedigitalsignature,however,theywouldknownottotrustthedigitalsignaturesonthelist.Becauseofissuesassociatedwiththeprivatekeybeingcompromised,revocationispermanentandfinal
—oncerevoked,acertificatecannotbereinstated.Ifreinstatementwasallowedandauserrevokedhiscertificate,thentheunauthorizedholderoftheprivatekeycoulduseittorestorethecertificatevalidity.
ExamTip:Acertificatecannotbeassumedtobevalidwithoutcheckingforrevocationbeforeeachuse.
CertificateRevocationListTheCAprovidesprotectionagainstimpersonationandsimilarfraudbymaintainingacertificaterevocationlist(CRL),alistofserialnumbersofcertificatesthathavebeenrevoked.TheCRLalsocontainsastatementindicatingwhytheindividualcertificateswererevokedandadatewhentherevocationtookplace.ThelistusuallycontainsallcertificatesthathavebeenrevokedwithinthelifetimeoftheCA.Certificatesthathaveexpiredarenotthesameasthosethathavebeenrevoked.Ifacertificatehasexpired,itmeansthatitsendvaliditydatewasreached.TheformatoftheCRLmessageisalsodefinedbyX.509.Thelistissigned,topreventtampering,andcontainsinformationoncertificatesthathavebeenrevokedandthereasonsfortheirrevocation.Theselistscangrowquitelong,andassuch,thereareprovisionsfordatetimestampingthelistandforissuingdeltalists,whichshowchangessincethelastlistwasissued.
TechTip
CRLReasonCodesPertheX.509v2CRLstandard,thefollowingreasonsforrevocationareused:
TheCAistheentitythatisresponsibleforthestatusofthecertificatesitgenerates;itneedstobetoldofarevocation,anditmustprovidethisinformationtoothers.TheCAisresponsibleformaintainingtheCRLandpostingitinapubliclyavailabledirectory.
ExamTip:Thecertificaterevocationlistisanessentialitemtoensureacertificateisstillvalid.CAspostCRLsinpubliclyavailabledirectoriestopermitautomatedcheckingofcertificatesagainstthelistbeforecertificateusebyaclient.AusershouldnevertrustacertificatethathasnotbeencheckedagainsttheappropriateCRL.
Weneedtohavesomesysteminplacetomakesurepeoplecannot
arbitrarilyhaveothers’certificatesrevoked,whetherforrevengeorformaliciouspurposes.Whenarevocationrequestissubmitted,theindividualsubmittingtherequestmustbeauthenticated.Otherwise,thiscouldpermitatypeofdenial-of-serviceattack,inwhichsomeonehasanotherperson’scertificaterevoked.Theauthenticationcaninvolveanagreed-uponpasswordthatwascreatedduringtheregistrationprocess,butauthenticationshouldnotbebasedontheindividualprovingthathehasthecorrespondingprivatekey,becauseitmayhavebeenstolen,andtheCAwouldbeauthenticatinganimposter.TheCRL’sintegrityneedstobeprotectedtoensurethatattackers
cannotmodifydatapertainingtoarevokedcertificationonthelist.Ifthiswereallowedtotakeplace,anyonewhostoleaprivatekeycouldjustdeletethatkeyfromtheCRLandcontinuetousetheprivatekeyfraudulently.Theintegrityofthelistalsoneedstobeprotectedtoensurethatbogusdataisnotaddedtoit.Otherwise,anyonecouldaddanotherperson’scertificatetothelistandeffectivelyrevokethatperson’scertificate.TheonlyentitythatshouldbeabletomodifyanyinformationontheCRListheCA.ThemechanismusedtoprotecttheintegrityofaCRLisadigital
signature.TheCA’srevocationservicecreatesadigitalsignaturefortheCRL,asshowninFigure6.7.Tovalidateacertificate,theuseraccessesthedirectorywheretheCRLisposted,downloadsthelist,andverifiestheCA’sdigitalsignaturetoensurethattheproperauthoritysignedthelistandtoensurethatthelistwasnotmodifiedinanunauthorizedmanner.Theuserthenlooksthroughthelisttodeterminewhethertheserialnumberofthecertificatethatheistryingtovalidateislisted.Iftheserialnumberisonthelist,theprivatekeyshouldnolongerbetrusted,andthepublickeyshouldnolongerbeused.Thiscanbeacumbersomeprocess,soithasbeenautomatedinseveralways,whicharedescribedinthenextsection.
•Figure6.7TheCAdigitallysignstheCRLtoprotectitsintegrity.
Oneconcernishowup-to-datetheCRLis—howoftenisitupdatedanddoesitactuallyreflectallthecertificatescurrentlyrevoked?TheactualfrequencywithwhichthelistisupdateddependsupontheCAanditscertificationpracticesstatement(CPS).Itisimportantthatthelistisupdatedinatimelymannersothatanyoneusingthelisthasthemostcurrentinformation.
CRLDistributionCRLfilescanberequestedbyindividualswhoneedtoverifyandvalidateanewlyreceivedcertificate,orthefilescanbeperiodicallypusheddown
(sent)toallusersparticipatingwithinaspecificPKI.ThismeanstheCRLcanbepulled(downloaded)byindividualuserswhenneededorpusheddowntoalluserswithinthePKIonatimedinterval.TheactualCRLfilecangrowsubstantially,andtransmittingthisfile
andrequiringPKIclientsoftwareoneachworkstationtosaveandmaintainitcanusealotofresources,sothesmallertheCRLis,thebetter.ItisalsopossibletofirstpushdownthefullCRLandsubsequentlypushdownonlydeltaCRLs,whichcontainonlythechangestotheoriginalorbaseCRL.ThiscangreatlyreducetheamountofbandwidthconsumedwhenupdatingCRLs.
TechTip
AuthorityRevocationListsInsomePKIimplementations,aseparaterevocationlistismaintainedforCAkeysthathavebeencompromisedorshouldnolongerbetrusted.Thislistisknownasanauthorityrevocationlist(ARL).IntheeventthataCA’sprivatekeyiscompromisedoracross-certificationiscancelled,therelevantcertificate’sserialnumberisincludedintheARL.AclientcanreviewanARLtomakesuretheCA’spublickeycanstillbetrusted.
InimplementationswheretheCRLsarenotpusheddowntoindividualsystems,theusers’PKIsoftwareneedstoknowwheretolookforthepostedCRLthatrelatestothecertificateitistryingtovalidate.ThecertificatemighthaveanextensionthatpointsthevalidatingusertothenecessaryCRLdistributionpoint.Thenetworkadministratorsetsupthedistributionpoints,andoneormorepointscanexistforaparticularPKI.Thedistributionpointholdsoneormorelistscontainingtheserialnumbersofrevokedcertificates,andtheuser’sPKIsoftwarescansthelist(s)fortheserialnumberofthecertificatetheuserisattemptingtovalidate.Iftheserialnumberisnotpresent,theuserisassuredthatithasnotbeenrevoked.Thisapproachhelpspointuserstotherightresourceandalsoreducestheamountofinformationthatneedstobescannedwhencheckingthatacertificatehasnotbeenrevoked.
OnlineCertificateStatusProtocol(OCSP)OnelastoptionforcheckingdistributedCRLsisanonlineservice.Whenaclientuserneedstovalidateacertificateandensurethatithasnotbeenrevoked,hecancommunicatewithanonlineservicethatwillquerythenecessaryCRLsavailablewithintheenvironment.ThisservicecanquerythelistsfortheclientinsteadofpushingdownthefullCRLtoeachandeverysystem.SoifJoereceivesacertificatefromStacy,hecancontactanonlineserviceandsendtoittheserialnumberlistedinthecertificateStacysent.TheonlineservicewouldquerythenecessaryCRLsandrespondtoJoe,indicatingwhetherornotthatserialnumberwaslistedasbeingrevoked.OneoftheprotocolsusedforonlinerevocationservicesistheOnline
CertificateStatusProtocol(OCSP),arequestandresponseprotocolthatobtainstheserialnumberofthecertificatethatisbeingvalidatedandreviewsrevocationlistsfortheclient.Theprotocolhasaresponderservicethatreportsthestatusofthecertificatebacktotheclient,indicatingwhetherithasbeenrevoked,isvalid,orhasanunknownstatus.Thisprotocolandservicesavestheclientfromhavingtofind,download,andprocesstherightlists.
ExamTip:CertificaterevocationchecksaredoneeitherbyexaminingtheCRLorbyusingOCSPtoseeifacertificatehasbeenrevoked.
KeyDestructionKeypairsandcertificateshavesetlifetimes,meaningthattheywillexpireatsomespecifiedtime.Itisimportantthatthecertificatesandkeysareproperlydestroyedwhenthattimecomes,whereverthekeysarestored(onusers’workstations,centralizedkeyservers,USBtokendevices,smartcards,andsoon).
TechTip
HistoricalRetentionofCertificatesNotethatinmodernPKIs,encryptionkeypairsusuallymustberetainedlongaftertheyexpiresothatuserscandecryptinformationthatwasencryptedwiththeoldkeys.Forexample,ifBobencryptsadocumentusinghiscurrentkeyandthekeysareupdatedthreemonthslater,Bob’ssoftwaremustmaintainacopyoftheoldkeysohecanstilldecryptthedocument.InthePKIworld,thisissueisreferredtoaskeyhistorymaintenance.
Thegoalistomakesurethatnoonecangainaccesstoakeyafteritslifetimehasendedandusethatkeyformaliciouspurposes.Anattackermightusethekeytodigitallysignorencryptamessagewiththehopesoftrickingsomeoneelseabouthisidentity(thiswouldbeanexampleofaman-in-themiddleattack).Also,iftheattackerisperformingsometypeofbrute-forceattackonyourcryptosystem,tryingtofigureoutspecifickeysthatwereusedforencryptionprocesses,obtaininganoldkeycouldgivehimmoreinsightintohowyourcryptosystemgenerateskeys.Thelessinformationyousupplytopotentialhackers,thebetter.
CertificateRepositoriesOncetherequestor’sidentityhasbeenproven,acertificateisregisteredwiththepublicsideofthekeypairprovidedbytherequestor.PublickeysmustbeavailabletoanybodywhorequiresthemtocommunicatewithinaPKIenvironment.Thesekeys,andtheircorrespondingcertificates,areusuallyheldinapubliclyavailablerepository.Certificaterepositoryisageneraltermthatdescribesacentralizeddirectorythatcanbeaccessedbyasubsetofindividuals.ThedirectoriesareusuallyLightweightDirectoryAccessProtocol(LDAP)–compliant,meaningthattheycanbeaccessedandsearchedviaanLDAPqueryfromanLDAPclient.Whenanindividualinitializescommunicationwithanother,thesender
cansendhercertificateandpublickeytothereceiver,whichwillallowthe
receivertocommunicatewiththesenderusingencryptionordigitalsignatures(orboth)withoutneedingtotrackdownthenecessarypublickeyinacertificaterepository.Thisisequivalenttothesendersaying,“Ifyouwouldliketoencryptanyfuturemessagesyousendtome,orifyouwouldliketheabilitytoverifymydigitalsignature,herearethenecessarycomponents.”Butifapersonwantstoencryptthefirstmessagesenttothereceiver,thesenderneedstofindthereceiver’spublickeyinacertificaterepository.
CrossCheckCertificatesandKeysCertificatesareastandardizedmethodofexchangingasymmetrickeyinformation.Tounderstandtheneedforcertificates,youshouldfirstbeabletoanswerthequestions:
WhatdoIneedapublickeyfor?
HowcanIgetsomeone’spublickey,andhowdoIknowitistheirs?
Forarefresheronhowpublicandprivatekeyscomeintoplaywithencryptionanddigitalsignatures,refertoChapter5.
Acertificaterepositoryisaholdingplaceforindividuals’certificatesandpublickeysthatareparticipatinginaparticularPKIenvironment.ThesecurityrequirementsforrepositoriesthemselvesarenotashighasthoseneededforactualCAsandfortheequipmentandsoftwareusedtocarryoutCAfunctions.SinceeachcertificateisdigitallysignedbytheCA,ifacertificatestoredinthecertificaterepositoryismodified,therecipientwillbeabletodetectthischangeandknownottoacceptthecertificateasvalid.
TrustandCertificateVerificationWeneedtouseaPKIifwedonotautomaticallytrustindividualswedonotknow.Securityisaboutbeingsuspiciousandbeingsafe,soweneeda
thirdpartythatwedotrusttovouchfortheotherindividualbeforeconfidencecanbeinstilledandsensitivecommunicationcantakeplace.ButwhatdoesitmeanthatwetrustaCA,andhowcanweusethistoouradvantage?WhenauserchoosestotrustaCA,shewilldownloadthatCA’sdigital
certificateandpublickey,whichwillbestoredonherlocalcomputer.MostbrowsershavealistofCAsconfiguredtobetrustedbydefault,sowhenauserinstallsanewwebbrowser,severalofthemostwell-knownandmosttrustedCAswillbetrustedwithoutanychangeofsettings.AnexampleofthislistingisshowninFigure6.8.
•Figure6.8BrowsershavealonglistofCAsconfiguredtobetrustedbydefault.
IntheMicrosoftCAPIenvironment,theusercanaddandremoveCAsfromthislistasneeded.Inproductionenvironmentsthatrequireahigherdegreeofprotection,thislistwillbepruned,andpossiblytheonlyCAslistedwillbethecompany’sinternalCAs.Thisensuresthatdigitallysignedsoftwarewillbeautomaticallyinstalledonlyifitwassignedbythecompany’sCA.Otherproducts,suchasEntrust,usecentrallycontrolledpoliciestodeterminewhichCAsaretobetrusted,insteadofexpectingtheusertomakethesecriticaldecisions.
TechTip
DistinguishedNamesAdistinguishednameisalabelthatfollowstheX.500standard.Thisstandarddefinesanamingconventionthatcanbeemployedsothateachsubjectwithinanorganizationhasauniquename.Anexampleis{Country=US,Organization=RealSecure,OrganizationalUnit=R&D,Location=Washington}.CAsusedistinguishednamestoidentifytheownersofspecificcertificates.
Anumberofstepsareinvolvedincheckingthevalidityofamessage.Suppose,forexample,thatMaynardreceivesadigitallysignedmessagefromJoyce,whohedoesnotknowortrust.Joycehasalsoincludedherdigitalcertificatewithhermessage,whichhasherpublickeyembeddedwithinit.BeforeMaynardcanbesureoftheauthenticityofthismessage,hehassomeworktodo.ThestepsareillustratedinFigure6.9.
•Figure6.9Stepsforverifyingtheauthenticityandintegrityofacertificate
First,MaynardseeswhichCAsignedJoyce’scertificateandcomparesittothelistofCAshehasconfiguredwithinhiscomputer.HetruststheCAsinhislistandnoothers.(IfthecertificatewassignedbyaCAthathedoesnothaveinthelist,hewouldnotacceptthecertificateasbeingvalid,andthushecouldnotbesurethatthismessagewasactuallysentfromJoyceorthattheattachedkeywasactuallyherpublickey.)
Becausecertificatesproducechainsoftrust,havinganunnecessarycertificateinyourcertificatestorecouldleadtotrustproblems.Bestpracticesindicatethatyoushouldunderstandthecertificatesinyourstore,andtheneedforeach.Whenindoubt,removeit.Ifitisneeded,youcanadditbacklater.
MaynardseesthattheCAthatsignedJoyce’scertificateisindeedinhislistoftrustedCAs,sohenowneedstoverifythatthecertificatehasnotbeenaltered.UsingtheCA’spublickeyandthedigestofthecertificate,Maynardcanverifytheintegrityofthecertificate.ThenMaynardcanbeassuredthatthisCAdidactuallycreatethecertificate,sohecannowtrusttheoriginofJoyce’scertificate.Theuseofdigitalsignaturesallowscertificatestobesavedinpublicdirectorieswithouttheconcernofthembeingaccidentallyorintentionallyaltered.Ifauserextractsacertificatefromarepositoryandcreatesamessagedigestvaluethatdoesnotmatchthedigitalsignatureembeddedwithinthecertificateitself,thatuserwillknowthatthecertificatehasbeenmodifiedbysomeoneotherthantheCA,andhewillknownottoacceptthevalidityofthecorrespondingpublickey.Similarly,anattackercouldnotcreateanewmessagedigest,encryptit,andembeditwithinthecertificatebecausehewouldnothaveaccesstotheCA’sprivatekey.
ButMaynardisnotdoneyet.HeneedstobesurethattheissuingCAhasnotrevokedthiscertificate.Thecertificatealsohasstartandstopdates,indicatingatimeduringwhichthecertificateisvalid.Ifthestartdatehasn’thappenedyetorthestopdatehasbeenpassed,thecertificateisnotvalid.Maynardreviewsthesedatestomakesurethecertificateisstilldeemedvalid.AnotherstepMaynardmaygothroughistocheckwhetherthis
certificatehasbeenrevokedforanyreason.Todoso,hewillrefertothecertificaterevocationlist(CRL)toseeifJoyce’scertificateislisted.HecouldchecktheCRLdirectlywiththeCAthatissuedthecertificateorviaaspecializedonlineservicethatsupportstheOnlineCertificateStatusProtocol(OCSP).(Certificaterevocationandlistdistributionwereexplainedinthe“CertificateLifecycles”section,earlierinthischapter.)
TechTip
ValidatingaCertificateThefollowingstepsarerequiredforvalidatingacertificate:
1.ComparetheCAthatdigitallysignedthecertificatetoalistofCAsthathavealreadybeenloadedintothereceiver’scomputer.
2.Calculateamessagedigestforthecertificate.3.UsetheCA’spublickeytodecryptthedigitalsignatureandrecoverwhatisclaimedtobe
theoriginalmessagedigestembeddedwithinthecertificate(validatingthedigitalsignature).
4.Comparethetworesultingmessagedigestvaluestoensuretheintegrityofthecertificate.5.Reviewtheidentificationinformationwithinthecertificate,suchasthee-mailaddress.6.Reviewthevaliditydates.7.Checkarevocationlisttoseeifthecertificatehasbeenrevoked.
MaynardnowtruststhatthiscertificateislegitimateandthatitbelongstoJoyce.Nowwhatdoesheneedtodo?ThecertificateholdsJoyce’spublickey,whichheneedstovalidatethedigitalsignaturesheappendedtohermessage,soMaynardextractsJoyce’spublickeyfromher
certificate,runshermessagethroughahashingalgorithm,andcalculatesamessagedigestvalueofX.HethenusesJoyce’spublickeytodecryptherdigitalsignature(rememberthatadigitalsignatureisjustamessagedigestencryptedwithaprivatekey).ThisdecryptionprocessprovideshimwithanothermessagedigestofvalueY.MaynardcomparesvaluesXandY,andiftheyarethesame,heisassuredthatthemessagehasnotbeenmodifiedduringtransmission.Thushehasconfidenceintheintegrityofthemessage.ButhowdoesMaynardknowthatthemessageactuallycamefromJoyce?Becausehecandecryptthedigitalsignatureusingherpublickey,whichindicatesthatonlytheassociatedprivatekeycouldhavebeenused.Thereisaminisculeriskthatsomeonecouldcreateanidenticalkeypair,butgiventheenormouskeyspaceforpublickeys,thisisimpractical.Thepublickeycanonlydecryptsomethingthatwasencryptedwiththerelatedprivatekey,andonlytheowneroftheprivatekeyissupposedtohaveaccesstoit.MaynardcanbesurethatthismessagecamefromJoyce.Afterallofthishereadshermessage,whichsays,“Hi.Howareyou?”
Allofthatworkjustforthismessage?Maynard’sbloodpressurewouldsurelygothroughtheroofifhehadtodoallofthisworkonlytoendupwithashortandnotveryusefulmessage.Fortunately,allofthisPKIworkisperformedwithoutuserinterventionandhappensbehindthescenes.Maynarddidn’thavetoexertanyenergy.Hesimplyreplies,“Fine.Howareyou?”
CentralizedandDecentralizedInfrastructuresKeysusedforauthenticationandencryptionwithinaPKIenvironmentcanbegeneratedinacentralizedordecentralizedmanner.Inadecentralizedapproach,softwareonindividualcomputersgeneratesandstorescryptographickeyslocaltothesystemsthemselves.Inacentralizedinfrastructure,thekeysaregeneratedandstoredonacentralserver,andthekeysaretransmittedtotheindividualsystemsasneeded.Youmightchooseonetypeovertheotherforseveralreasons.Ifacompanyusesanasymmetricalgorithmthatisresource-intensiveto
generatethepublic/privatekeypair,andiflarge(andresource-intensive)keysizesareneeded,thentheindividualcomputersmaynothavethenecessaryprocessingpowertoproducethekeysinanacceptablefashion.Inthissituation,thecompanycanchooseacentralizedapproachinwhichaveryhigh-endserverwithpowerfulprocessingabilitiesisused,probablyalongwithahardware-basedrandomnumbergenerator.Centralkeygenerationandstorageoffersotherbenefitsaswell.For
example,itismucheasiertobackupthekeysandimplementkeyrecoveryprocedureswithcentralstoragethanwithadecentralizedapproach.Implementingakeyrecoveryprocedureoneachandeverycomputerholdingoneormorekeypairsisdifficult,andmanyapplicationsthatgeneratetheirownkeypairsdonotusuallyinterfacewellwithacentralizedarchivesystem.Thismeansthatifacompanychoosestoallowitsindividualuserstocreateandmaintaintheirownkeypairsontheirseparateworkstations,norealkeyrecoveryprocedurecanbeputinplace.Thisputsthecompanyatrisk.Ifanemployeeleavestheorganizationorisunavailableforonereasonoranother,thecompanymaynotbeabletoaccessitsownbusinessinformationthatwasencryptedbythatemployee.Soacentralizedapproachseemslikethebestapproach,right?Well,the
centralizedmethodhassomedrawbackstoconsider,too.Securekeydistributionisatrickyevent.Thiscanbemoredifficultthanitsounds.Atechnologyneedstobeemployedthatwillsendthekeysinanencryptedmanner,ensurethekeys’integrity,andmakesurethatonlytheintendeduserisreceivingthekey.Also,theserverthatcentrallystoresthekeysneedstobehighly
availableandisapotentialsinglepointoffailure,sosometypeoffaulttoleranceorredundancymechanismmayneedtobeputintoplace.Ifthatoneservergoesdown,userscouldnotaccesstheirkeys,whichmightpreventthemfromproperlyauthenticatingtothenetwork,resources,andapplications.Also,sinceallthekeysareinoneplace,theserverisaprimetargetforanattacker—ifthecentralkeyserveriscompromised,thewholeenvironmentiscompromised.Oneotherissuepertainstohowthekeyswillactuallybeused.Ifa
public/privatekeypairisbeinggeneratedfordigitalsignatures,andifthecompanywantstoensurethatitcanbeusedtoprovidetrueauthenticityandnonrepudiation,thekeysshouldnotbegeneratedatacentralizedserver.Thiswouldintroducedoubtthatonlytheonepersonhadaccesstoaspecificprivatekey.Itisbettertogenerateend-userkeysonalocalmachinetoeliminatedoubtaboutwhodidtheworkand“owns”thekeys.Ifacompanyusessmartcardstoholdusers’privatekeys,eachprivate
keyoftenhastobegeneratedonthecarditselfandcannotbecopiedforarchivingpurposes.Thisisadisadvantageofthecentralizedapproach.Inaddition,sometypesofapplicationshavebeendevelopedtocreatetheirownpublic/privatekeypairsanddonotallowotherkeystobeimportedandused.Thismeansthekeyswouldhavetobecreatedlocallybytheseapplications,andkeysfromacentralservercouldnotbeused.Thesearejustsomeoftheconsiderationsthatneedtobeevaluatedbeforeanydecisionismadeandimplementationbegins.
HardwareSecurityModulesPKIscanbeconstructedinsoftwarewithoutspecialcryptographichardware,andthisisperfectlysuitableformanyenvironments.Butsoftwarecanbevulnerabletoviruses,hackers,andhacking.Ifacompanyrequiresahigherlevelofprotectionthanapurelysoftware-basedsolutioncanprovide,severalhardware-basedsolutionsareavailable.Ahardwaresecuritymodule(HSM)isaphysicaldevicethatsafeguardscryptographickeys.HSMsenableahigherlevelofsecurityfortheuseofkeys,includinggenerationandauthentication.Inmostsituations,HSMsolutionsareusedonlyforthemostcriticaland
sensitivekeys,whicharetherootkeyandpossiblytheintermediateCAprivatekeys.Ifthosekeysarecompromised,thewholesecurityofthePKIisgravelythreatened.IfapersonobtainedarootCAprivatekey,shecoulddigitallysignanycertificate,andthatcertificatewouldbequicklyacceptedbyallentitieswithintheenvironment.Suchanattackermightbeabletocreateacertificatethathasextremelyhighprivileges,perhapsallowingher
tomodifybankaccountinformationinafinancialinstitution,andnoalertsorwarningswouldbeinitiatedbecausetheultimateCA,therootCA,signedit.
TechTip
StoringCriticalKeysHSMstakemanydifferentforms,includingembeddedcards,network-attacheddevices,andevenUSBflashdrives.HSMsassistintheuseofcryptographickeysacrossthelifecycle.Theycanprovidededicatedsupportforcentralizedlifecyclemanagement,fromgenerationtodistribution,storage,termination,archiving,andrecordkeeping.HSMscanincreasetheefficiencyofcryptographicoperationsandassistincomplianceefforts.CommonusesincludeuseinPCIDSSsolutions,DNSSEC,signingoperationsincludingcertificates,code,documents,ande-mail,andlarge-scaledataencryptionefforts.
PrivateKeyProtectionAlthoughaPKIimplementationcanbecomplex,withmanydifferentcomponentsandoptions,acriticalconceptcommontoallPKIsmustbeunderstoodandenforced:theprivatekeyneedstostayprivate.Adigitalsignatureiscreatedsolelyforthepurposeofprovingwhosentaparticularmessagebyusingaprivatekey.Thisrestsontheassumptionthatonlyonepersonhasaccesstothisprivatekey.Ifanimposterobtainsauser’sprivatekey,authenticityandnonrepudiationcannolongerbeclaimedorproven.Whenaprivatekeyisgeneratedforthefirsttime,itmustbestored
somewhereforfutureuse.Thisstorageareaisreferredtoasakeystore,anditisusuallycreatedbytheapplicationregisteringforacertificate,suchasawebbrowser,smartcardsoftware,orotherapplication.Inmostimplementations,theapplicationwillprompttheuserforapassword,whichwillbeusedtocreateanencryptionkeythatprotectsthekeystore.So,forexample,ifCherylusedherwebbrowsertoregisterforacertificate,herprivatekeywouldbegeneratedandstoredinthekeystore.Cherylwouldthenbepromptedforapassword,whichthesoftwarewould
usetocreateakeythatwillencryptthekeystore.WhenCherylneedstoaccessthisprivatekeylaterthatday,shewillbepromptedforthesamepassword,whichwilldecryptthekeystoreandallowheraccesstoherprivatekey.Unfortunately,manyapplicationsdonotrequirethatastrongpassword
becreatedtoprotectthekeystore,andinsomeimplementationstheusercanchoosenottoprovideapasswordatall.Theuserstillhasaprivatekeyavailable,anditisboundtotheuser’sidentity,sowhyisapasswordevennecessary?If,forexample,Cheryldecidednottouseapassword,andanotherpersonsatdownathercomputer,hecoulduseherwebbrowserandherprivatekeyanddigitallysignamessagethatcontainsanastyvirus.IfCheryl’scoworkerCliffreceivedthismessage,hewouldthinkitcamefromCheryl,openthemessage,anddownloadthevirus.Themoraltothisstoryisthatusersshouldberequiredtoprovidesometypeofauthenticationinformation(password,smartcard,PIN,orthelike)beforebeingabletouseprivatekeys.Otherwise,thekeyscouldbeusedbyotherindividualsorimposters,andauthenticationandnonrepudiationwouldbeofnouse.BecauseaprivatekeyisacrucialcomponentofanyPKI
implementation,thekeyitselfshouldcontainthenecessarycharacteristicsandbeprotectedateachstageofitslife.Thefollowinglistsumsupthecharacteristicsandrequirementsofproperprivatekeyuse:
Thesecurityassociatedwiththeuseofpublickeycryptographyrevolvesaroundthesecurityoftheprivatekey.Nonrepudiationdependsupontheprinciplethattheprivatekeyisonlyaccessibletotheholderofthekey.Ifanotherpersonhasaccesstotheprivatekey,theycanimpersonatetheproperkeyholder.
Thekeysizeshouldprovidethenecessarylevelofprotectionfortheenvironment.
Thelifetimeofthekeyshouldcorrespondwithhowoftenitisused
andthesensitivityofthedataitisprotecting.
Thekeyshouldbechangedattheendofitslifetimeandnotusedpastitsallowedlifetime.
Whereappropriate,thekeyshouldbeproperlydestroyedattheendofitslifetime.
Thekeyshouldneverbeexposedincleartext.
Nocopiesoftheprivatekeyshouldbemadeifitisbeingusedfordigitalsignatures.
Thekeyshouldnotbeshared.
Thekeyshouldbestoredsecurely.
Authenticationshouldberequiredbeforethekeycanbeused.
Thekeyshouldbetransportedsecurely.
Softwareimplementationsthatstoreandusethekeyshouldbeevaluatedtoensuretheyprovidethenecessarylevelofprotection.
Ifdigitalsignatureswillbeusedforlegalpurposes,thesepointsandothersmayneedtobeauditedtoensurethattrueauthenticityandnonrepudiationareprovided.
Themostsensitiveandcriticalpublic/privatekeypairsarethoseusedbyCAstodigitallysigncertificates.Theseneedtobehighlyprotectedbecauseiftheywereevercompromised,thetrustrelationshipbetweentheCAandalloftheend-entitieswouldbethreatened.Inhigh-securityenvironments,thesekeysareoftenkeptinatamper-proofhardwareencryptionstore,suchasanHSM,andareaccessibleonlytoindividualswithaneedtoknow.
KeyRecovery
Oneindividualcouldhaveone,two,ormanykeypairsthataretiedtohisorheridentity.Thatisbecauseusersmayhavedifferentneedsandrequirementsforpublic/privatekeypairs.Asmentionedearlier,certificatescanhavespecificattributesandusagerequirementsdictatinghowtheircorrespondingkeyscanandcannotbeused.Forexample,Davidcanhaveonekeypairheusestoencryptandtransmitsymmetrickeys,anotherkeypairthatallowshimtoencryptdata,andyetanotherkeypairtoperformdigitalsignatures.Davidcanalsohaveadigitalsignaturekeypairforhiswork-relatedactivitiesandanotherkeypairforpersonalactivities,suchase-mailinghisfriends.Thesekeypairsneedtobeusedonlyfortheirintendedpurposes,andthisisenforcedthroughcertificateattributesandusagevalues.Ifacompanyisgoingtoperformkeyrecoveryandmaintainakey
recoverysystem,itwillgenerallybackuponlythekeypairusedtoencryptdata,notthekeypairsthatareusedtogeneratedigitalsignatures.Thereasonthatacompanyarchiveskeysistoensurethatifapersonleavesthecompany,fallsoffacliff,orforsomereasonisunavailabletodecryptimportantcompanyinformation,thecompanycanstillgettoitscompany-owneddata.Thisisjustamatteroftheorganizationprotectingitself.Acompanywouldnotneedtobeabletorecoverakeypairthatisusedfordigitalsignatures,sincethosekeysaretobeusedonlytoprovetheauthenticityoftheindividualwhosentamessage.Acompanywouldnotbenefitfromhavingaccesstothosekeysandreallyshouldnothaveaccesstothem,sincetheyaretiedtooneindividualforaspecificpurpose.Twosystemsareimportantforbackingupandrestoringcryptographic
keys:keyarchivingandkeyrecovery.Keyarchivingisawayofbackingupkeysandsecurelystoringtheminarepository;keyrecoveryistheprocessofrestoringlostkeystotheusersorthecompany.
ExamTip:Keyarchivingistheprocessofstoringasetofkeystobeusedasabackupshouldsomethinghappentotheoriginalset.Keyrecoveryistheprocessofusingthebackupkeys.
Ifkeysarebackedupandstoredinacentralizedcomputer,thissystemmustbetightlycontrolled,becauseifitwerecompromised,anattackerwouldhaveaccesstoallkeysfortheentireinfrastructure.Also,itisusuallyunwisetoauthorizeasinglepersontobeabletorecoverallthekeyswithintheenvironment,becausethatpersoncouldusethispowerforevilpurposesinsteadofjustrecoveringkeyswhentheyareneededforlegitimatepurposes.Insecuritysystems,itisbestnottofullytrustanyone.Dualcontrolcanbeusedaspartofasystemtobackupandarchivedata
encryptionkeys.PKIsystemscanbeconfiguredtorequiremultipleindividualstobeinvolvedinanykeyrecoveryprocess.Whenakeyrecoveryisrequired,atleasttwopeoplecanberequiredtoauthenticatebythekeyrecoverysoftwarebeforetherecoveryprocedureisperformed.Thisenforcesseparationofduties,whichmeansthatonepersoncannotcompleteacriticaltaskbyhimself.Requiringtwoindividualstorecoveralostkeytogetheriscalleddualcontrol,whichsimplymeansthattwopeoplehavetobepresenttocarryoutaspecifictask.
TechTip
KeysplittingSecretsplittingusingmofnauthenticationschemescanimprovesecuritybyrequiringthatmultiplepeopleperformcriticalfunctions,preventingasinglepartyfromcompromisingasecret.BesuretounderstandtheconceptofmofnfortheCompTIASecurity+exam.
Thisapproachtokeyrecoveryisreferredtoasthemofnauthentication,wherennumberofpeoplecanbeinvolvedinthekeyrecoveryprocess,butatleastm(whichisasmallernumberthann)mustbeinvolvedbeforethetaskcanbecompleted.Thegoalistominimizefraudulentorimproperuseofaccessandpermissions.Acompanywouldnotrequireallpossibleindividualstobeinvolvedintherecoveryprocess,becausegettingallthepeopletogetheratthesametimecouldbeimpossibleconsideringmeetings,vacations,sicktime,andtravel.Atleastsomeofallpossible
individualsmustbeavailabletoparticipate,andthisisthesubsetmofthenumbern.Thisformofsecretsplittingcanincreasesecuritybyrequiringmultiplepeopletoperformaspecificfunction.Requiringtoomanypeopleforthemsubsetincreasesissuesassociatedwithavailability,whereasrequiringtoofewincreasestheriskofasmallnumberofpeoplecolludingtocompromiseasecret.
ExamTip:Recoveryagentisthetermforanentitythatisgivenapublickeycertificateforrecoveringuserdatathatisencrypted.ThisisthemostcommontypeofrecoverypolicyusedinPKIbutaddstheriskoftherecoveryagenthavingaccesstosecuredinformation.
Allkeyrecoveryproceduresshouldbehighlyaudited.Theauditlogsshouldcaptureatleastwhatkeyswererecovered,whowasinvolvedintheprocess,andthetimeanddate.KeysareanintegralpieceofanyencryptioncryptosystemandarecriticaltoaPKIenvironment,soyouneedtotrackwhodoeswhatwiththem.
KeyEscrowKeyrecoveryandkeyescrowaretermsthatareoftenusedinterchangeably,buttheyactuallydescribetwodifferentthings.Youshouldnotusetheminterchangeablyafteryouhavereadthissection.
ExamTip:Keyrecoveryisaprocessthatallowsforlostkeystoberecovered.Keyescrowisaprocessofgivingkeystoathirdpartysothattheycandecryptandreadsensitiveinformationwhenthisneedarises.
Keyescrowistheprocessofgivingkeystoathirdpartysothattheycandecryptandreadsensitiveinformationiftheneedarises.Keyescrow
almostalwayspertainstohandingoverencryptionkeystothegovernment,ortoanotherhigherauthority,sothatthekeyscanbeusedtocollectevidenceduringinvestigations.Akeypairusedinaperson’splaceofworkmayberequiredtobeescrowedbytheemployerfortworeasons.First,thekeysarepropertyoftheenterprise,issuedtotheworkerforuse.Second,thefirmmayhaveneedforthemafteranemployeeleavesthefirm.
ExamTip:Keyescrow,allowinganothertrustedpartytoholdacopyofakey,haslongbeenacontroversialtopic.Thisessentialbusinessprocessprovidescontinuityshouldtheauthorizedkey-holdingpartyleaveanorganizationwithoutdisclosingkeys.Thesecurityoftheescrowedkeyisaconcern,anditneedstobemanagedatthesamesecuritylevelasfortheoriginalkey.
Severalmovements,supportedbypartsoftheU.S.government,wouldrequireallormanypeopleresidingintheUnitedStatestohandovercopiesofthekeystheyusetoencryptcommunicationchannels.Themovementinthelate1990sbehindtheClipperchipisthemostwell-knownefforttoimplementthisrequirementandprocedure.ItwassuggestedthatallAmerican-madecommunicationdevicesshouldhaveahardwareencryptionchipwithinthem.Thechipcouldbeusedtoencryptdatagoingbackandforthbetweentwoindividuals,butifagovernmentagencydecidedthatitshouldbeabletoeavesdroponthisdialog,itwouldjustneedtoobtainacourtorder.Ifthecourtorderwasapproved,alawenforcementagentwouldtaketheordertotwoescrowagencies,eachofwhichwouldhaveapieceofthekeythatwasnecessarytodecryptthiscommunicationinformation.Theagentwouldobtainbothpiecesofthekeyandcombinethem,whichwouldallowtheagenttolisteninontheencryptedcommunicationoutlinedinthecourtorder.TheClipperchipstandardneversawthelightofdaybecauseitseemed
too“BigBrother”tomanyAmericancitizens.Buttheideawasthattheencryptionkeyswouldbeescrowedtotwoagencies,meaningthateachagencywouldholdonepieceofthekey.Oneagencycouldnotholdthe
wholekey,becauseitcouldthenusethiskeytowiretappeople’sconversationsillegally.Splittingupthekeyisanexampleofseparationofduties,putintoplacetotryandpreventfraudulentactivities.ThecurrentissueofgovernmentsdemandingaccesstokeystodecryptinformationiscoveredinChapter24.
PublicCertificateAuthoritiesAnindividualorcompanymaydecidetorelyonaCAthatisalreadyestablishedandbeingusedbymanyotherindividualsandcompanies—apublicCA.Acompany,ontheotherhand,maydecidethatitneedsitsownCAforinternaluse,whichgivesthecompanymorecontroloverthecertificateregistrationandgenerationprocessandallowsittoconfigureitemsspecificallyforitsownneeds.ThissecondtypeofCAisreferredtoasaprivateCA(orin-houseCA),discussedinthenextsection.ApublicCAspecializesinverifyingindividualidentitiesandcreating
andmaintainingtheircertificates.Thesecompaniesissuecertificatesthatarenotboundtospecificcompaniesorintracompanydepartments.Instead,theirservicesaretobeusedbyalargerandmorediversifiedgroupofpeopleandorganizations.IfacompanyusesapublicCA,thecompanywillpaytheCAorganizationforindividualcertificatesandfortheserviceofmaintainingthesecertificates.SomeexamplesofpublicCAsareVeriSign(includingGeoTrustandThawte),Entrust,andGoDaddy.
UserscanremoveCAsfromtheirbrowserlistiftheywanttohavemorecontroloverwhotheirsystemtrustsandwhoitdoesn’t.Unfortunately,systemupdatescanrestorethem,requiringregularcertificatestoremaintenance.
OneadvantageofusingapublicCAisthatitisusuallywellknownandeasilyaccessibletomanypeople.MostwebbrowsershavealistofpublicCAsinstalledandconfiguredbydefault,alongwiththeircorresponding
rootcertificates.Thismeansthatifyouinstallawebbrowseronyourcomputer,itisalreadyconfiguredtotrustcertainCAs,eventhoughyoumighthaveneverheardofthembefore.So,ifyoureceiveacertificatefromBob,andhiscertificatewasdigitallysignedbyaCAlistedinyourbrowser,youautomaticallytrusttheCAandcaneasilywalkthroughtheprocessofverifyingBob’scertificate.Thishasraisedsomeeyebrowsamongsecurityprofessionals,however,sincetrustisinstalledbydefault,buttheindustryhasdeemedthisisanecessaryapproachthatprovidesuserswithtransparencyandincreasedfunctionality.Earlierinthechapter,thedifferentcertificateclassesandtheiruseswere
explained.Noglobalstandarddefinestheseclasses,theexactrequirementsforobtainingthesedifferentcertificates,ortheiruses.Standardsareinplace,usuallyforaparticularcountryorindustry,butthismeansthatpublicCAscandefinetheirowncertificateclassifications.ThisisnotnecessarilyagoodthingforcompaniesthatdependonpublicCAs,becauseitdoesnotprovidetothecompanyenoughcontroloverhowitshouldinterpretcertificateclassificationsandhowtheyshouldbeused.Thismeansanothercomponentneedstobecarefullydevelopedfor
companiesthatuseanddependonpublicCAs,andthiscomponentisreferredtoasthecertificatepolicy(CP).Thispolicyallowsthecompanytodecidewhatcertificationclassesareacceptableandhowtheywillbeusedwithintheorganization.ThisisdifferentfromtheCPS,whichexplainshowtheCAverifiesentities,generatescertificates,andmaintainsthesecertificates.TheCPisgeneratedandownedbyanindividualcompanythatusesanexternalCA,anditallowsthecompanytoenforceitssecuritydecisionsandcontrolhowcertificatesareusedwithitsapplications.
In-HouseCertificateAuthoritiesAnin-houseCAisimplemented,maintained,andcontrolledbythecompanythatimplementedit.ThistypeofCAcanbeusedtocreatecertificatesforinternalemployees,devices,applications,partners,and
customers.Thisapproachgivesthecompanycompletecontroloverhowindividualsareidentified,whatcertificationclassificationsarecreated,whocanandcannothaveaccesstotheCA,andhowthecertificationscanbeused.
TechTip
WhyIn-HouseCAs?In-houseCAsprovidemoreflexibilityforcompanies,whichoftenintegratethemintocurrentinfrastructuresandintoapplicationsforauthentication,encryption,andnonrepudiationpurposes.IftheCAisgoingtobeusedoveranextendedperiodoftime,thiscanbeacheapermethodofgeneratingandusingcertificatesthanhavingtopurchasethemthroughapublicCA.Settingupin-housecertificateserversisrelativelyeasyandcanbedonewithsimplesoftwarethattargetsbothWindowsandLinuxservers.
ChoosingBetweenaPublicCAandanIn-HouseCAWhendecidingbetweenanin-houseandpublicCA,variousfactorsneedtobeidentifiedandaccountedfor.Manycompanieshaveembarkeduponimplementinganin-housePKIenvironmentwitharoughestimatethatwouldbeimplementedwithinxnumberofmonthsandwouldcostapproximatelyyamountindollars.Withoutdoingtheproperhomework,companiesmightnotunderstandthecurrentenvironment,mightnotcompletelyhammerouttheintendedpurposeofthePKI,andmightnothaveenoughskilledstaffsupportingtheproject;timeestimatescandoubleortripleandtherequiredfundsandresourcescanbecomeunacceptable.SeveralcompanieshavestartedonaPKIimplementation,onlytoquithalfwaythrough,resultinginwastedtimeandmoney,withnothingtoshowforitexceptheapsoffrustrationandmanyulcers.Insomesituations,itisbetterforacompanytouseapublicCA,since
publicCAsalreadyhavethenecessaryequipment,skills,andtechnologies.
Inothersituations,companiesmaydecideitisabetterbusinessdecisiontotakeontheseeffortsthemselves.Thisisnotalwaysastrictlymonetarydecision—aspecificlevelofsecuritymightberequired.Somecompaniesdonotbelievethattheycantrustanoutsideauthoritytogenerateandmaintaintheirusers’andcompany’scertificates.Inthissituation,thescalemaytiptowardanin-houseCA.
Certificateauthoritiescomeinmanytypes:public,in-house,andoutsourced.Allofthemperformthesamefunctions,withtheonlydifferencebeinganorganizationalone.Thiscanhaveabearingontrustrelationships,asoneismorelikelytotrustin-houseCAsoverothersforwhichthereisarguablylesscontrol.
Eachcompanyisunique,withvariousgoals,securityrequirements,functionalityneeds,budgetaryrestraints,andideologies.ThedecisionofwhethertouseaprivateCAoranin-houseCAdependsontheexpansivenessofthePKIwithintheorganization,howintegrateditwillbewithdifferentbusinessneedsandgoals,itsinteroperabilitywithacompany’scurrenttechnologies,thenumberofindividualswhowillbeparticipating,andhowitwillworkwithoutsideentities.Thiscouldbequitealargeundertakingthattiesupstaff,resources,andfunds,soalotofstrategicplanningisrequired,andwhatwillandwon’tbegainedfromaPKIshouldbefullyunderstoodbeforethefirstdollarisspentontheimplementation.
OutsourcedCertificateAuthoritiesThelastavailableoptionforusingPKIcomponentswithinacompanyistooutsourcedifferentpartsofittoaspecificserviceprovider.Usually,themorecomplexpartsareoutsourced,suchastheCA,RA,CRL,andkeyrecoverymechanisms.ThisoccursifacompanydoesnothavethenecessaryskillstoimplementandcarryoutafullPKIenvironment.
TechTip
OutsourcedCAvs.PublicCAAnoutsourcedCAisdifferentfromapublicCAinthatitprovidesdedicatedservices,andpossiblyequipment,toanindividualcompany.ApublicCA,incontrast,canbeusedbyhundredsorthousandsofcompanies—theCAdoesn’tmaintainspecificserversandinfrastructuresforindividualcompanies.
Althoughoutsourcedservicesmightbeeasierforyourcompanytoimplement,youneedtoreviewseveralfactorsbeforemakingthistypeofcommitment.Youneedtodeterminewhatleveloftrustthecompanyiswillingtogivetotheserviceproviderandwhatlevelofriskitiswillingtoaccept.OftenaPKIanditscomponentsserveaslargesecuritycomponentswithinacompany’senterprise,andallowingathirdpartytomaintainthePKIcanintroducetoomanyrisksandliabilitiesthatyourcompanyisnotwillingtoundertake.Theliabilitiestheserviceprovideriswillingtoaccept,thesecurityprecautionsandprocedurestheoutsourcedCAsprovide,andthesurroundinglegalissuesneedtobeexaminedbeforethistypeofagreementismade.SomelargeverticalmarketshavetheirownoutsourcedPKI
environmentssetupbecausetheysharesimilarneedsandusuallyhavethesamerequirementsforcertificationtypesanduses.Thisallowsseveralcompanieswithinthesamemarkettosplitthecostsofthenecessaryequipment,anditallowsforindustry-specificstandardstobedrawnupandfollowed.Forexample,althoughmanymedicalfacilitiesworkdifferentlyandhavedifferentenvironments,theyhavealotofthesamefunctionalityandsecurityneeds.Ifseveralofthemcametogether,purchasedthenecessaryequipmenttoprovideCA,RA,andCRLfunctionality,employedonepersontomaintainit,andtheneachconnecteditsdifferentsitestothecentralizedcomponents,themedicalfacilitiescouldsavealotofmoneyandresources.Inthiscase,noteveryfacilitywouldneedtostrategicallyplanitsownfullPKI,andeachwouldnotneed
topurchaseredundantequipmentoremployredundantstaffmembers.Figure6.10illustrateshowoneoutsourcedserviceprovidercanofferdifferentPKIcomponentsandservicestodifferentcompanies,andhowcompanieswithinoneverticalmarketcansharethesameresources.
•Figure6.10APKIserviceprovider(representedbythefourboxes)canofferdifferentPKIcomponentstocompanies.
AsetofstandardscanbedrawnupabouthoweachdifferentfacilityshouldintegrateitsowninfrastructureandhowitshouldintegratewiththecentralizedPKIcomponents.Thisalsoallowsforless-complicatedintercommunicationtotakeplacebetweenthedifferentmedicalfacilities,whichwilleaseinformation-sharingattempts.
TyingDifferentPKIsTogetherInsomecases,morethanoneCAmaybeneededforaspecificPKItoworkproperly,andseveralrequirementsmustbemetfordifferentPKIstointercommunicate.Herearesomeexamples:
Acompanywantstobeabletocommunicateseamlesslywithitssuppliers,customers,orbusinesspartnersviaaPKI.
OnedepartmentwithinacompanyhashighersecurityrequirementsthanallotherdepartmentsandthusneedstoconfigureandcontrolitsownCA.
Onedepartmentneedstohavespeciallyconstructedcertificateswithuniquefieldsandusages.
DifferentpartsofanorganizationwanttocontroltheirownpiecesofthenetworkandtheCAthatisencompassedwithinit.
ThenumberofcertificatesthatneedtobegeneratedandmaintainedwouldoverwhelmoneCA,somultipleCAsmustbedeployed.
Thepoliticalcultureofacompanyinhibitsonedepartmentfrombeingabletocontrolelementsofanotherdepartment.
Enterprisesarepartitionedgeographically,anddifferentsitesneedtheirownlocalCA.
Thesesituationscanaddmuchmorecomplexitytotheoverallinfrastructure,intercommunicationcapabilities,andproceduresforcertificategenerationandvalidation.Tocontrolthiscomplexityproperlyfromthebeginning,theserequirementsneedtobeunderstood,addressed,andplannedfor.Thenthenecessarytrustmodelneedstobechosenandmoldedforthecompanytobuildupon.Selectingtherighttrustmodelwillgivethecompanyasolidfoundationfromthebeginning,insteadoftryingtoaddstructuretoaninaccurateandinadequateplanlateron.
TrustModelsPotentialscenariosexistotherthanjusthavingmorethanoneCA—eachofthecompaniesoreachdepartmentofanenterprisecanactuallyrepresentatrustdomainitself.Atrustdomainisaconstructofsystems,personnel,applications,protocols,technologies,andpoliciesthatworktogethertoprovideacertainlevelofprotection.Allofthesecomponentscanworktogetherseamlesslywithinthesametrustdomainbecausetheyareknowntotheothercomponentswithinthedomainandaretrustedtosomedegree.Differenttrustdomainsareusuallymanagedbydifferentgroupsofadministrators,havedifferentsecuritypolicies,andrestrictoutsidersfromprivilegedaccess.
TechTip
TrustModelsThereareseveralformsoftrustmodelsassociatedwithcertificates.Hierarchical,peer-to-peer,andhybridaretheprimaryforms,withtheweboftrustbeingaformofhybrid.EachofthesemodelshasausefulplaceinthePKIarchitectureunderdifferentcircumstances.
Mosttrustdomains(whetherindividualcompaniesordepartments)usuallyarenotislandscutofffromtheworld—theyneedtocommunicatewithother,less-trusteddomains.Thetrickistofigureouthowmuchtwo
differentdomainsshouldtrusteachother,andhowtoimplementandconfigureaninfrastructurethatwouldallowthesetwodomainstocommunicateinawaythatwillnotallowsecuritycompromisesorbreaches.Thiscanbemoredifficultthanitsounds.Inthenondigitalworld,itisdifficulttofigureoutwhototrust,howto
carryoutlegitimatebusinessfunctions,andhowtoensurethatoneisnotbeingtakenadvantageoforliedto.Jumpintothedigitalworldandaddprotocols,services,encryption,CAs,RAs,CRLs,anddifferingtechnologiesandapplications,andthebusinessriskscanbecomeoverwhelmingandconfusing.Sostartwithabasicquestion:Whatcriteriawillweusetodeterminewhowetrustandtowhatdegree?Oneexampleoftrustconsideredearlierinthechapteristhedriver’s
licenseissuedbytheDMV.Suppose,forexample,thatBobisbuyingalampfromCarolandhewantstopaybycheck.SinceCaroldoesnotknowBob,shedoesnotknowifshecantrusthimorhavemuchfaithinhischeck.ButifBobshowsCarolhisdriver’slicense,shecancomparethenametowhatappearsonthecheck,andshecanchoosetoacceptit.Thetrustanchor(theagreed-upontrustedthirdparty)inthisscenarioistheDMV,sincebothCarolandBobtrustitmorethantheytrusteachother.BobhadtoprovidedocumentationtotheDMVtoprovehisidentity,thatorganizationtrustedhimenoughtogeneratealicense,andCaroltruststheDMV,soshedecidestotrustBob’scheck.Consideranotherexampleofatrustanchor.IfJoeandStacyneedto
communicatethroughe-mailandwouldliketouseencryptionanddigitalsignatures,theywillnottrusteachother’scertificatealone.Butwheneachreceivestheother’scertificateandseesthatithasbeendigitallysignedbyanentitytheybothdotrust—theCA—theyhaveadeeperleveloftrustineachother.ThetrustanchorhereistheCA.Thisiseasyenough,butwhenweneedtoestablishtrustanchorsbetweendifferentCAsandPKIenvironments,itgetsalittlemorecomplicated.IftwocompaniesneedtocommunicateusingtheirindividualPKIs,orif
twodepartmentswithinthesamecompanyusedifferentCAs,twoseparatetrustdomainsareinvolved.Theusersanddevicesfromthesedifferent
trustdomainsneedtocommunicatewitheachother,andtheyneedtoexchangecertificatesandpublickeys,whichmeansthattrustanchorsneedtobeidentifiedandacommunicationchannelmustbeconstructedandmaintained.Atrustrelationshipmustbeestablishedbetweentwoissuingauthorities
(CAs).ThishappenswhenoneorbothoftheCAsissueacertificatefortheotherCA’spublickey,asshowninFigure6.11.ThismeansthateachCAregistersforacertificateandpublickeyfromtheotherCA.EachCAvalidatestheotherCA’sidentificationinformationandgeneratesacertificatecontainingapublickeyforthatCAtouse.Thisestablishesatrustpathbetweenthetwoentitiesthatcanthenbeusedwhenusersneedtoverifyotherusers’certificatesthatfallwithinthedifferenttrustdomains.Thetrustpathcanbeunidirectionalorbidirectional,soeitherthetwoCAstrusteachother(bidirectional)oronlyonetruststheother(unidirectional).
•Figure6.11Atrustrelationshipcanbebuiltbetweentwotrustdomainstosetupacommunicationchannel.
ExamTip:ThreeformsoftrustmodelsarecommonlyfoundinPKIs:
•Hierarchical•Peer-to-peer•Hybrid
AsillustratedinFigure6.11,alltheusersanddevicesintrustdomain1trusttheirownCA,CA1,whichistheirtrustanchor.Allusersanddevicesintrustdomain2havetheirowntrustanchor,CA2.ThetwoCAshaveexchangedcertificatesandtrusteachother,buttheydonothaveacommontrustanchorbetweenthem.Thetrustmodelsdescribeandoutlinethetrustrelationshipsbetweenthe
differentCAsanddifferentenvironments,whichwillindicatewherethetrustpathsreside.Thetrustmodelsandpathsneedtobethoughtoutbeforeimplementationtorestrictandcontrolaccessproperlyandtoensurethatasfewtrustpathsaspossibleareused.Severaldifferenttrustmodelscanbeused:thehierarchical,peer-to-peer,andhybridmodelsarediscussedinthefollowingsections.
HierarchicalTrustModelThehierarchicaltrustmodelisabasichierarchicalstructurethatcontainsarootCA,intermediateCAs,leafCAs,andend-entities.Theconfigurationisthatofaninvertedtree,asshowninFigure6.12.TherootCAistheultimatetrustanchorforallotherentitiesinthisinfrastructure,anditgeneratescertificatesfortheintermediateCAs,whichinturngeneratecertificatesfortheleafCAs,andtheleafCAsgeneratecertificatesfortheend-entities(users,networkdevices,andapplications).
•Figure6.12Thehierarchicaltrustmodeloutlinestrustpaths.
IntermediateCAsfunctiontotransfertrustbetweendifferentCAs.TheseCAsarereferredtoassubordinateCAsbecausetheyaresubordinatetotheCAthattheyreference.ThepathoftrustiswalkedupfromthesubordinateCAtothehigher-levelCA;inessencethesubordinateCAisusingthehigher-levelCAasareference.AsshowninFigure6.12,nobidirectionaltrustsexist—theyareall
unidirectionaltrusts,asindicatedbytheone-wayarrows.Sincenoother
entitycancertifyandgeneratecertificatesfortherootCA,itcreatesaself-signedcertificate.Thismeansthatthecertificate’sIssuerandSubjectfieldsholdthesameinformation,bothrepresentingtherootCA,andtherootCA’spublickeywillbeusedtoverifythiscertificatewhenthattimecomes.ThisrootCAcertificateandpublickeyaredistributedtoallentitieswithinthistrustmodel.
TechTip
RootCAIftherootCA’sprivatekeywereevercompromised,allentitieswithinthehierarchicaltrustmodelwouldbedrasticallyaffected,becausethisistheirsoletrustanchor.TherootCAusuallyhasasmallamountofinteractionwiththeintermediateCAsandend-entities,andcanthereforebetakenofflinemuchofthetime.ThisprovidesagreaterdegreeofprotectionfortherootCA,becausewhenitisofflineitisbasicallyinaccessible.
WalkingtheCertificatePathWhenauserinonetrustdomainneedstocommunicatewithauserinanothertrustdomain,oneuserwillneedtovalidatetheother’scertificate.Thissoundssimpleenough,butwhatitreallymeansisthateachcertificateforeachCA,allthewayuptoasharedtrustedanchor,alsomustbevalidated.IfDebbieneedstovalidateSam’scertificate,asshowninFigure6.12,sheactuallyalsoneedstovalidatetheLeafDCAandIntermediateBCAcertificates,aswellasSam’s.SoinFigure6.12,wehaveauser,Sam,whodigitallysignsamessage
andsendsitandhiscertificatetoDebbie.DebbieneedstovalidatethiscertificatebeforeshecantrustSam’sdigitalsignature.IncludedinSam’scertificateisanIssuerfield,whichindicatesthatthecertificatewasissuedbyLeafDCA.DebbiehastoobtainLeafDCA’sdigitalcertificateandpublickeytovalidateSam’scertificate.RememberthatDebbievalidatesthecertificatebyverifyingitsdigitalsignature.Thedigitalsignaturewascreatedbythecertificateissuerusingitsprivatekey,soDebbieneedsto
verifythesignatureusingtheissuer’spublickey.DebbietracksdownLeafDCA’scertificateandpublickey,butshe
nowneedstoverifythisCA’scertificate,soshelooksattheIssuerfield,whichindicatesthatLeafDCA’scertificatewasissuedbyIntermediateBCA.DebbienowneedstogetIntermediateBCA’scertificateandpublickey.Debbie’sclientsoftwaretracksthisdownandseesthattheissuerfor
IntermediateBCAistherootCA,forwhichshealreadyhasacertificateandpublickey.SoDebbie’sclientsoftwarehadtofollowthecertificatepath,meaningithadtocontinuetotrackdownandcollectcertificatesuntilitcameuponaself-signedcertificate.Aself-signedcertificateindicatesthatitwassignedbyarootCA,andDebbie’ssoftwarehasbeenconfiguredtotrustthisentityashertrustanchor,soshecanstopthere.Figure6.13illustratesthestepsDebbie’ssoftwarehadtocarryoutjusttobeabletoverifySam’scertificate.
•Figure6.13Verifyingeachcertificateinacertificatepath
Thistypeofsimplistictrustmodelworkswellwithinanenterprisethateasilyfollowsahierarchicalorganizationalchart,butmanycompaniescannotusethistypeoftrustmodelbecausedifferentdepartmentsorofficesrequiretheirowntrustanchors.Thesedemandscanbederivedfromdirectbusinessneedsorfrominterorganizationalpolitics.Thishierarchicalmodelmightnotbepossiblewhentwoormorecompaniesneedtocommunicatewitheachother.Neithercompanywilllettheother’sCAbetherootCA,becauseeachdoesnotnecessarilytrusttheotherentitytothatdegree.Inthesesituations,theCAswillneedtoworkinapeer-to-peerrelationshipinsteadofinahierarchicalrelationship.
Peer-to-PeerModel
Inapeer-to-peertrustmodel,oneCAisnotsubordinatetoanotherCA,andnoestablishedtrustedanchorbetweentheCAsisinvolved.Theend-entitieswilllooktotheirissuingCAastheirtrustedanchor,butthedifferentCAswillnothaveacommonanchor.Figure6.14illustratesthistypeoftrustmodel.ThetwodifferentCAs
willcertifythepublickeyforeachother,whichcreatesabidirectionaltrust.Thisisreferredtoascross-certification,sincetheCAsarenotreceivingtheircertificatesandpublickeysfromasuperiorCA,butinsteadarecreatingthemforeachother.
•Figure6.14Cross-certificationcreatesapeer-to-peerPKImodel.
Oneofthemaindrawbackstothismodelisscalability.EachCAmustcertifyeveryotherCAthatisparticipating,andabidirectionaltrustpathmustbeimplemented,asshowninFigure6.15.IfonerootCAwerecertifyingalltheintermediateCAs,scalabilitywouldnotbeasmuchofanissue.
•Figure6.15Scalabilityisadrawbackincross-certificationmodels.
Figure6.15representsafullyconnectedmesharchitecture,meaningthateachCAisdirectlyconnectedtoandhasabidirectionaltrustrelationshipwitheveryotherCA.Asyoucanseeinthisillustration,thecomplexityofthissetupcanbecomeoverwhelming.
Inanynetworkmodel,fullyconnectedmesharchitecturesarewastefulandexpensive.Intrusttransfermodels,theextralevelofredundancyisjustthat:redundantandunnecessary.
HybridTrustModel
Acompanycanbeinternallycomplex,andwhentheneedarisestocommunicateproperlywithoutsidepartners,suppliers,andcustomersinanauthorizedandsecuredmanner,thiscomplexitycanmakestickingtoeitherthehierarchicalorpeer-to-peertrustmodeldifficult,ifnotimpossible.Inmanyimplementations,thedifferentmodeltypeshavetobecombinedtoprovidethenecessarycommunicationlinesandlevelsoftrust.Inahybridtrustmodel,thetwocompanieshavetheirowninternalhierarchicalmodelsandareconnectedthroughapeer-to-peermodelusingcross-certification.AnotheroptioninthishybridconfigurationistoimplementabridgeCA.
Figure6.16illustratestherolethatabridgeCAcouldplay—itisresponsibleforissuingcross-certificatesforallconnectedCAsandtrustdomains.Thebridgeisnotconsideredarootortrustanchor,butmerelytheentitythatgeneratesandmaintainsthecross-certificationfortheconnectedenvironments.
•Figure6.16AbridgeCAcancontrolthecross-certificationprocedures.
ExamTip:Threetrustmodelsexist:hierarchical,peer-to-peer,andhybrid.Hierarchicaltrustislikeanupside-downtree,peer-to-peerisalateralseriesofreferences,andhybridisacombinationofhierarchicalandpeer-to-peertrust.
Certificate-BasedThreatsAlthoughcertificatesbringmuchcapabilitytosecuritythroughpracticalmanagementoftrust,theyalsocanpresentthreats.Becausemuchoftheactualworkisdonebehindthescenes,withoutdirectuserinvolvement,afalsesenseofsecuritymightensue.EndusersmightassumethatifanHTTPSconnectionwasmadewithaserver,theyaresecurelyconnectedtotheproperserver.Spoofing,phishing,pharming,andawiderangeofsophisticatedattackspreyonthisassumption.Today,industryhasrespondedwithahigh-assurancecertificatethatissignedandrecognizedbybrowsers.Usingthisexample,wecanexaminehowanattackermightpreyonauser’strustinsoftwaregettingthingscorrect.Ifahackerwishestohavesomethingrecognizedaslegitimate,hemay
havetoobtainacertificatethatprovesthispointtotheend-usermachine.Oneavenuewouldbetoforgeafalsecertificate,butthisischallengingbecauseofthepublickeysigningofcertificatesbyCAs.Toovercomethisproblem,thehackerneedstoinstallafalse,self-signedrootcertificateontheend-userPC.Thisfalsekeycanthenbeusedtovalidatemalicioussoftwareascomingfromatrustedsource.Thisattackpreysonthefactthatendusersdonotknowthecontentsoftheirrootcertificatestore,nordotheyhaveameanstovalidatechanges.Inanenterpriseenvironment,thisattackcanbethwartedbylockingdownthecertificatestoreandvalidatingchangesagainstawhitelist.Thisoptionreallyisnotverypracticalforendusersoutsideofanenterprise.
StolenCertificatesCertificatesactasaformoftrustedIDandaretypicallyhandledwithoutend-userintervention.Toensuretheveracityofacertificate,aseriesofcryptographiccontrolsisemployed,includingdigitalsignaturestoprovideproofofauthenticity.Thisstatementaside,stolencertificateshavebeenusedinmultiplecasesofcomputerintrusions/systemattacks.Speciallycraftedmalwarehasbeendesignedtostealbothprivatekeysanddigitalcertificatesfrommachines.Oneofthemostinfamousmalwareprograms,theZeusbot,hasfunctionalitytoperformthistask.
Astolencertificateand/orprivatekeycanbeusedtobypassmanysecuritymeasures.ConcernoverstolenSSL/TLScredentialsledtothecreationofhigh-assurancecertificates,whicharediscussedinChapter17.
Stolencertificateshavebeenimplementedinawiderangeofattacks.Malwaredesignedtoimitateantivirussoftwarehasbeenfounddatingbackto2009.TheStuxnetattackontheIraniannuclearproductionfacilityusedstolencertificatesfromthirdpartiesthatwerenotinvolvedinanywayotherthantheunwittingcontributionofapasskeyintheformofacertificate.InlessthanamonthaftertheSonyPicturesEntertainmentattackbecamepublicin2014,malwareusingSonycertificatesappeared.Whetherthecertificatescamefromthebreak-inoroneofthepreviousSonyhacksisunknown,buttheresultisthesame.
Chapter6Review
LabBookExercise
Thefollowinglabexercisefromthecompanionlabmanual,PrinciplesofComputerSecurityLabManual,FourthEdition,providespracticalapplicationofmaterialcoveredinthischapter:
Lab8.5wUsingIPsecinWindows
ChapterSummaryAfterreadingthischapterandcompletingtheexercises,youshouldunderstandthefollowingaboutpublickeyinfrastructures.
Implementthebasicsofpublickeyinfrastructures
PKIsolutionsincludecertificateauthorities(CAs)andregistrationauthorities(RAs).
PKIsformthecentralmanagementfunctionalityusedtoenableencryptiontechnologies.
Thestepsauserperformstoobtainacertificateforusearelistedinthetextandareimportanttomemorize.
Describetheroleofregistrationauthorities
RAsverifyidentitiestobeusedoncertificates.
RAspassidentityinformationtoCAsforuseinbindingtoacertificate.
Usedigitalcertificates
Certificatesarehandledviaacertificateserverandclientsoftware.
Therearethreeclassesofcertificatesandtheyhavethefollowingtypicaluses:
Class1Personale-mailuseClass2Softwaresigning
Class3SettingupaCAUnderstandthelifecycleofcertificates
Certificatesaregenerated,registered,andhistoricallyverifiedbytheoriginatingCA.
Therearetwomainmechanismstomanagetherevocationofacertificate:CRLandOCSP.
Keys,andhencecertificates,havealifecycle;theyarecreated,usedforadefinedperiodoftime,andthendestroyed.
Explaintherelationshipbetweentrustandcertificateverification
Trustisbasedonanunderstandingoftheneedsoftheuserandwhattheitembeingtrustedoffers.
Certificateverificationprovidesassurancethatthedatainthecertificateisvalid,notwhetheritmeetstheneedsoftheuser.
Describetherolesofcertificateauthoritiesandcertificaterepositories
CAscreatecertificatesforidentifiedentitiesandmaintainrecordsoftheirissuanceandrevocation.
CRLsprovideameansoflettingusersknowwhencertificateshavebeenrevokedbeforetheirend-of-lifedate.
Identifycentralizedanddecentralizedinfrastructures
TherearethreedifferentarchitecturesofCAs:
Hierarchical
Peer-to-peer
Hybrid
MultipleCAscanbeusedtogethertocreateaweboftrust.
Describepublicandin-housecertificateauthorities
PublicCAsexistasaservicethatallowsentitiestoobtaincertificatesfromatrustedthirdparty.
In-housecertificatesprovidecertificatesthatallowafirmameanstousecertificateswithincompanyborders.
KeyTermsauthorityrevocationlist(ARL)(142)CAcertificate(136)certificate(128)certificateauthority(CA)(130)certificatepath(158)certificaterepository(143)certificaterevocationlist(CRL)(140)certificateserver(131)certificatesigningrequest(CSR)(138)certificationpracticesstatement(CPS)(131)cross-certificationcertificate(137)digitalcertificate(130)dualcontrol(150)end-entitycertificate(136)hardwaresecuritymodule(HSM)(147)hierarchicaltrustmodel(157)hybridtrustmodel(159)keyarchiving(150)keyescrow(150)keyrecovery(150)localregistrationauthority(LRA)(132)OnlineCertificateStatusProtocol(OCSP)(142)
peer-to-peertrustmodel(158)policycertificate(137)publickeyinfrastructure(PKI)(129)registrationauthority(RA)(131)
KeyTermsQuizUsetermsfromtheKeyTermslisttocompletethesentencesthatfollow.Don’tusethesametermmorethanonce.Notalltermswillbeused.
1.The_______________isthetrustedauthorityforcertifyingindividuals’identitiesandcreatinganelectronicdocumentindicatingthatindividualsarewhotheysaytheyare.
2.A(n)_______________istheactualrequesttoaCAcontainingapublickeyandtherequisiteinformationneededtogenerateacertificate.
3.The_______________isamethodofdeterminingwhetheracertificatehasbeenrevokedthatdoesnotrequirelocalmachinestorageofCRLs.
4.The_______________istheactualservicethatissuescertificatesbasedonthedataprovidedduringtheinitialregistrationprocess.
5.Aphysicaldevicethatsafeguardscryptographickeysiscalleda(n)_______________.
6.A(n)_______________isaholdingplaceforindividuals’certificatesandpublickeysthatareparticipatinginaparticularPKIenvironment.
7.A(n)_______________isusedwhenindependentCAsestablishpeer-to-peertrustrelationships.
8.A(n)_______________isastructurethatprovidesallofthenecessarycomponentsfordifferenttypesofusersandentitiestobe
abletocommunicatesecurelyandinapredictablemanner.
9._______________istheprocessofgivingkeystoathirdpartysothattheycandecryptandreadsensitiveinformationiftheneedarises.
10.Ina(n)_______________,oneCAisnotsubordinatetoanotherCA,andthereisnoestablishedtrustanchorbetweentheCAsinvolved.
Multiple-ChoiceQuiz1.WhenauserwantstoparticipateinaPKI,whatcomponentdoeshe
orsheneedtoobtain,andhowdoesthathappen?
A.TheusersubmitsacertificaterequesttotheCA.
B.TheusersubmitsakeypairrequesttotheCRL.
C.TheusersubmitsacertificaterequesttotheRA.
D.TheusersubmitsproofofidentificationtotheCA.
2.Howdoesauservalidateadigitalcertificatethatisreceivedfromanotheruser?
A.TheuserfirstseeswhetherhersystemhasbeenconfiguredtotrusttheCAthatdigitallysignedtheotheruser’scertificateandthenvalidatesthatCA’sdigitalsignature.
B.Theusercalculatesamessagedigestandcomparesittotheoneattachedtothemessage.
C.TheuserfirstseeswhetherhersystemhasbeenconfiguredtotrusttheCAthatdigitallysignedthecertificateandthenvalidatesthepublickeythatisembeddedwithinthecertificate.
D.Theuservalidatesthesender’sdigitalsignatureonthemessage.
3.Whatisthepurposeofadigitalcertificate?
A.ItbindsaCAtoauser’sidentity.
B.ItbindsaCA’sidentitytothecorrectRA.
C.ItbindsanindividualidentitytoanRA.
D.Itbindsanindividualidentitytoapublickey.
4.Whatstepsdoesauser’ssoftwaretaketovalidateaCA’sdigitalsignatureonadigitalcertificate?
A.Theuser’ssoftwarecreatesamessagedigestforthedigitalcertificateanddecryptstheencryptedmessagedigestincludedwithinthedigitalcertificate.Ifthedecryptionperformsproperlyandthemessagedigestvaluesarethesame,thecertificateisvalidated.
B.Theuser’ssoftwarecreatesamessagedigestforthedigitalsignatureandencryptsthemessagedigestincludedwithinthedigitalcertificate.Iftheencryptionperformsproperlyandthemessagedigestvaluesarethesame,thecertificateisvalidated.
C.Theuser’ssoftwarecreatesamessagedigestforthedigitalcertificateanddecryptstheencryptedmessagedigestincludedwithinthedigitalcertificate.IftheusercanencryptthemessagedigestproperlywiththeCA’sprivatekeyandthemessagedigestvaluesarethesame,thecertificateisvalidated.
D.Theuser’ssoftwarecreatesamessagedigestforthedigitalsignatureandencryptsthemessagedigestwithitsprivatekey.Ifthedecryptionperformsproperlyandthemessagedigestvaluesarethesame,thecertificateisvalidated.
5.Whywouldacompanyimplementakeyarchivingandrecoverysystemwithintheorganization?
A.Tomakesurealldataencryptionkeysareavailableforthecompanyifandwhenitneedsthem
B.Tomakesurealldigitalsignaturekeysareavailableforthecompanyifandwhenitneedsthem
C.Tocreatesessionkeysforuserstobeabletoaccesswhentheyneedtoencryptbulkdata
D.TobackuptheRA’sprivatekeyforretrievalpurposes
6.WithinaPKIenvironment,wheredoesthemajorityofthetrustactuallylie?
A.AllusersanddeviceswithinanenvironmenttrusttheRA,whichallowsthemtoindirectlytrusteachother.
B.AllusersanddeviceswithinanenvironmenttrusttheCA,whichallowsthemtoindirectlytrusteachother.
C.AllusersanddeviceswithinanenvironmenttrusttheCRL,whichallowsthemtoindirectlytrusteachother.
D.AllusersanddeviceswithinanenvironmenttrusttheCPS,whichallowsthemtoindirectlytrusteachother.
7.Whichofthefollowingproperlydescribeswhatapublickeyinfrastructure(PKI)actuallyis?
A.Aprotocolwrittentoworkwithalargesubsetofalgorithms,applications,andprotocols
B.Analgorithmthatcreatespublic/privatekeypairs
C.Aframeworkthatoutlinesspecifictechnologiesandalgorithmsthatmustbeused
D.Aframeworkthatdoesnotspecifyanytechnologiesbutprovidesafoundationforconfidentiality,integrity,andavailabilityservices
8.Onceanindividualvalidatesanotherindividual’scertificate,whatistheuseofthepublickeythatisextractedfromthisdigital
certificate?
A.Thepublickeyisnowavailabletousetocreatedigitalsignatures.
B.Theusercannowencryptsessionkeysandmessageswiththispublickeyandcanvalidatethesender’sdigitalsignatures.
C.Thepublickeyisnowavailabletoencryptfuturedigitalcertificatesthatneedtobevalidated.
D.Theusercannowencryptprivatekeysthatneedtobetransmittedsecurely.
9.Whywouldadigitalcertificatebeaddedtoacertificaterevocationlist(CRL)?
A.Ifthepublickeyhadbecomecompromisedinapublicrepository
B.Iftheprivatekeyhadbecomecompromised
C.Ifanewemployeejoinedthecompanyandreceivedanewcertificate
D.Ifthecertificateexpired
10.HowcanusershavefaiththattheCRLwasnotmodifiedtopresentincorrectinformation?
A.TheCRLisdigitallysignedbytheCA.
B.TheCRLisencryptedbytheCA.
C.TheCRLisopenforanyonetopostcertificateinformationto.
D.TheCRLisaccessibleonlytotheCA.
EssayQuiz
1.Describetheprosandconsofestablishingakeyarchivingsystemprogramforasmall-tomedium-sizedbusiness.
2.Whywouldasmall-tomedium-sizedfirmimplementaPKIsolution?Whatbusinessbenefitswouldensuefromsuchacourseofaction?
3.Describethestepsinvolvedinverifyingacertificate’svalidity.4.Describethestepsinobtainingacertificate.5.Compareandcontrastthehierarchicaltrustmodel,peer-to-peertrust
model,andhybridtrustmodel.
LabProjects
•LabProject6.1InvestigatetheprocessofobtainingapersonalcertificateordigitalIDfore-mailusage.Whatinformationisneeded,whatarethecosts,andwhatprotectionisaffordedbasedonthevendor?
•LabProject6.2Determinewhatcertificatesareregisteredwiththebrowserinstanceonyourcomputer.
chapter7 PKIStandardsandProtocols
Thenicethingaboutstandardsisthatyouhavesomanytochoosefrom.
—ANDREWS.TANENBAUM
N
Inthischapter,youwilllearnhowto
IdentifythestandardsinvolvedinestablishinganinteroperableInternetPKI
ExplaininteroperabilityissueswithPKIstandards
DescribehowthecommonInternetprotocolsimplementthePKIstandards
oneofthestillsteadilygrowingInternetcommercewouldbepossiblewithouttheuseofstandardsandprotocolsthatprovideacommon,interoperableenvironmentforexchanginginformationsecurely.Due
tothewidedistributionofInternetusersandbusinesses,themostpracticalsolutiontodatehasbeenthecommercialimplementationofpublickeyinfrastructures(PKIs).Thischapterexaminesthestandardsandprotocolsinvolvedinsecure
Internettransactionsande-businessusingaPKI.Althoughyoumayuseonlyaportionoftherelatedstandardsandprotocolsonadailybasis,youshouldunderstandhowtheyinteracttoprovidetheservicesthatarecriticalforsecurity:confidentiality,integrity,availability,authentication,andnonrepudiation.Thischapterwillalsoincludesomerelatedstandards,suchasFIPSandtheCommonCriteria.
Chapter6introducedthealgorithmsandtechniquesusedtoimplementapublicPKI,but,asyouprobablynoticed,thereisalotofroomforinterpretation.VariousorganizationshavedevelopedandimplementedstandardsandprotocolsthathavebeenacceptedasthebasisforsecureinteractioninaPKIenvironment.Thesestandardsfallintothreegeneralcategories:
TechTip
RevolutionaryTechnologiesThe1976publicdisclosureofasymmetrickeyalgorithmsbyDiffie,Hellman,Rivest,Shamir,
andAdlemanchangedsecurecommunicationsinaworld-shatteringway.Itwasatechnologythatmettheneedofanotheremergingtechnology;thedevelopmentoftheInternetduringthissametimeledtotheneedforsecurecommunicationsbetweenanonymousparties—combined,atechnologicallyrevolutionaryevent.
StandardsthatdefinethePKIThesestandardsdefinethedataanddatastructuresexchangedandthemeansformanagingthatdatatoprovidethefunctionsofthePKI(certificateissuance,storage,revocation,registration,andmanagement).
StandardsthatdefinetheinterfacebetweenapplicationsandtheunderlyingPKIThesestandardsusethePKItoestablishtheservicesrequiredbyapplications(S/MIME,SSL,andTLS).
OtherstandardsThesestandardsdon’tfitneatlyineitheroftheothertwocategories.Theyprovidebitsandpiecesthatglueeverythingtogether;theynotonlycanaddressthePKIstructureandthemethodsandprotocolsforusingit,butcanalsoprovideanoverarchingbusinessprocessenvironmentforPKIimplementation(forexample,ISO/IEC27002,CommonCriteria,andtheFederalInformationProcessingStandardsPublications[FIPSPUBS]).
Figure7.1showstherelationshipsbetweenthesestandardsandprotocolsandconveystheinterdependenceofthestandardsandprotocolsdiscussedinthischapter.TheInternetpublickeyinfrastructure(PKI)reliesonthreemainstandardsforestablishinginteroperablePKIservices:PKIX.509(PKIX),PublicKeyCryptographyStandards(PKCS),andX.509.OtherprotocolsandstandardshelpdefinethemanagementandoperationofthePKIandrelatedservices—InternetSecurityAssociationandKeyManagementProtocol(ISAKMP)andXMLKeyManagementSpecification(XKMS)arebothkeymanagementprotocols,whileCertificateManagementProtocol(CMP)isusedformanagingcertificates.CertificateEnrollmentProtocol(CEP)isanalternativecertificateissuance,distribution,andrevocationmechanism.Finally,PrettyGoodPrivacy(PGP)providesanalternativemethodspanningtheprotocoland
applicationlevels.
•Figure7.1RelationshipsbetweenPKIstandardsandprotocols
Thischapterexamineseachstandardfromthebottomup,startingwithbuildinganinfrastructurethroughprotocolsandapplications,andfinishingwithsomeoftheinherentweaknessesofandpotentialattacksonaPKI.
PKIXandPKCSTwomainstandardshaveevolvedovertimetoimplementPKIsonapracticallevelontheInternet.BotharebasedontheX.509certificatestandard(discussedshortlyinthe“X.509”section)andestablishcomplementarystandardsforimplementingPKIs.PKIXandPKCSintertwinetodefinethemostcommonlyusedsetofstandards.PKIXwasproducedbytheInternetEngineeringTaskForce(IETF)and
definesstandardsforinteractionsandoperationsforfourcomponenttypes:theuser(end-entity),certificateauthority(CA),registrationauthority(RA),andtherepositoryforcertificatesandcertificaterevocationlists(CRLs).PKCSdefinesmanyofthelower-levelstandardsformessagesyntax,cryptographicalgorithms,andthelike.ThePKCSsetofstandardsisaproductofRSASecurity.ThePKIXworkinggroupwasformedin1995todevelopthestandards
necessarytosupportPKIs.Atthetime,theX.509PublicKeyCertificate(PKC)formatwasproposedasthebasisforaPKI.X.509includesinformationregardingdataformatsandproceduresusedforCA-signedPKCs,butitdoesn’tspecifyvaluesorformatsformanyofthefieldswithinthePKC.PKIXprovidesstandardsforextendingandusingX.509v3certificatesandformanagingthem,enablinginteroperabilitybetweenPKIsfollowingthestandards.PKIXusesthemodelshowninFigure7.2forrepresentingthe
componentsandusersofaPKI.Theuser,calledanend-entity,isnotpartofthePKI,butend-entitiesareeitherusersofthePKIcertificates,thesubjectofacertificate(anentityidentifiedbyit),orboth.Thecertificateauthority(CA)isresponsibleforissuing,storing,andrevokingcertificates—bothPKCsandAttributeCertificates(ACs).TheRAisresponsibleformanagementactivitiesdesignatedbytheCA.TheRAcan,infact,beacomponentoftheCAratherthanaseparatecomponent.ThefinalcomponentofthePKIXmodelistherepository,asystemorgroupofdistributedsystemsthatprovidescertificatesandCRLstotheend-entities.Thecertificaterevocationlist(CRL)isadigitallysignedobjectthatlists
allofthecurrentbutrevokedcertificatesissuedbyaCA.
•Figure7.2ThePKIXmodel
TechTip
PKIEssentialsAPKIbringstogetherpolicies,procedures,hardware,software,andenduserstocreate,manage,store,distribute,andrevokedigitalcertificates.
PKIXStandardsNowthatwehavelookedathowPKIXisorganized,let’stakealookat
whatPKIXdoes.UsingX.509v3,thePKIXworkinggroupaddressesfivemajorareas:
PKIXoutlinescertificateextensionsandcontentnotcoveredbyX.509v3andtheformatofversion2CRLs,thusprovidingcompatibilitystandardsforsharingcertificatesandCRLsbetweenCAsandend-entitiesindifferentPKIs.ThePKIXprofileoftheX.509v3PKCdescribesthecontents,requiredextensions,optionalextensions,andextensionsthatneednotbeimplemented.ThePKIXprofilesuggestsarangeofvaluesformanyextensions.Inaddition,PKIXprovidesaprofileforversion2CRLs,allowingdifferentPKIstosharerevocationinformation.
PKIXprovidescertificatemanagementmessageformatsandprotocols,definingthedatastructures,managementmessages,andmanagementfunctionsforPKIs.Theworkinggroupalsoaddressestheassumptionsandrestrictionsoftheirprotocols.ThisstandardidentifiestheprotocolsnecessarytosupportonlineinteractionsbetweenentitiesinthePKIXmodel.Themanagementprotocolssupportfunctionsforentityregistration,initializationofthecertificate(possiblykey-pairgeneration),issuanceofthecertificate,key-pairupdate,certificaterevocation,cross-certification(betweenCAs),andkey-pairrecoveryifavailable.
PKIXoutlinescertificatepoliciesandcertificationpracticesstatements(CPSs),establishingtherelationshipbetweenpoliciesandCPSs.Apolicyisasetofrulesthathelpsdeterminetheapplicabilityofacertificatetoanend-entity.Forexample,acertificateforhandlingroutineinformationwouldprobablyhaveapolicyoncreation,storage,andmanagementofkeypairsquitedifferentfromapolicyforcertificatesusedinfinancialtransactions,duetothesensitivityofthefinancialinformation.ACPSexplainsthepracticesusedbyaCAtoissuecertificates.Inotherwords,theCPSisthemethodusedtogetthecertificate,whilethepolicydefinessomecharacteristicsofthecertificateandhowitwillbehandledandused.
PKIXspecifiesoperationalprotocols,definingtheprotocolsforcertificatehandling.Inparticular,protocoldefinitionsarespecifiedforusingFileTransferProtocol(FTP)andHypertextTransferProtocol(HTTP)toretrievecertificatesfromrepositories.Thesearethemostcommonprotocolsforapplicationstousewhenretrievingcertificates.
PKIXincludestime-stampinganddatacertificationandvalidationservices,whichareareasofinteresttothePKIXworkinggroup,andwhichwillprobablygrowinuseovertime.Atimestampauthority(TSA)certifiesthataparticularentityexistedataparticulartime.ADataValidationandCertificationServer(DVCS)certifiesthevalidityofsigneddocuments,PKCs,andthepossessionorexistenceofdata.Thesecapabilitiessupportnonrepudiationrequirementsandareconsideredbuildingblocksforanonrepudiationservice.
PKCsarethemostcommonlyusedcertificates,butthePKIXworkinggrouphasbeenworkingontwoothertypesofcertificates:AttributeCertificatesandQualifiedCertificates.AnAttributeCertificate(AC)isusedtograntpermissionsusingrule-based,role-based,andrank-basedaccesscontrols.ACsareusedtoimplementaprivilegemanagementinfrastructure(PMI).InaPMI,anentity(user,program,system,andsoon)istypicallyidentifiedasaclienttoaserverusingaPKC.Therearethentwopossibilities:eithertheidentifiedclientpushesanACtotheserver,ortheservercanqueryatrustedrepositorytoretrievetheattributesoftheclient.ThissituationismodeledinFigure7.3.
•Figure7.3ThePKIXPMImodel
TheclientpushoftheAChastheeffectofimprovingperformance,butnoindependentverificationoftheclient’spermissionsisinitiatedbytheserver.ThealternativeistohavetheserverpulltheinformationfromanACissuerorarepository.Thismethodispreferablefromasecuritystandpoint,becausetheserverorserver’sdomaindeterminestheclient’saccessrights.Thepullmethodhastheaddedbenefitofrequiringnochangestotheclientsoftware.TheQualifiedCertificate(QC)isbasedonthetermusedwithinthe
EuropeanCommissiontoidentifycertificateswithspecificlegislativeuses.ThisconceptisgeneralizedinthePKIXQCprofiletoindicateacertificateusedtoidentifyaspecificindividual(asinglehumanratherthantheentityofthePKC)withahighlevelofassuranceinanonrepudiationservice.TherearedozensofIETFRequestsforComment(RFCs)thathavebeen
producedbythePKIXworkinggroupforeachofthesefiveareas.
ForacompletelistofcurrentandpendingdocumentsassociatedwithPKIX,seetheInternetdraftforthePKIXworkinggrouproadmap(https://www.ietf.org/archive/id/draft-ietf-pkix-roadmap-09.txt/).
PKCSRSALaboratoriescreatedthePublicKeyCryptographyStandards(PKCS)tofillsomeofthegapsinthestandardsthatexistedinPKIimplementation.AstheyhavewiththePKIXstandards,PKIdevelopershaveadoptedmanyofthesestandardsasabasisforachievinginteroperabilitybetweendifferentCAs.PKCSiscomposedofasetof(currently)13activestandards,with2otherstandardsthatarenolongeractive.ThestandardsarereferredtoasPKCS#1throughPKCS#15,aslistedinTable7.1.ThestandardscombinetoestablishacommonbaseforservicesrequiredinaPKI.
Table7.1 PKCSStandards
ThoughadoptedearlyinthedevelopmentofPKIs,someofthesestandardsarebeingphasedout.Forexample,PKCS#6isbeingreplacedbyX.509v3(coveredshortlyinthe“X.509”section)andPKCS#7andPKCS#10arebeingusedless,astheirPKIXcounterpartsarebeingadopted.
WhyYouNeedtoKnowthePKIXandPKCSStandardsIfyourcompanyisplanningtouseoneoftheexistingcertificateserverstosupporte-commerce,youmaynotneedtoknowthespecificsofthesestandards(exceptperhapsfortheCompTIASecurity+exam).However,ifyouplantoimplementaprivatePKItosupportsecureserviceswithinyourorganization,youneedtounderstandwhatstandardsareoutthereandhowthedecisiontouseaparticularPKIimplementation(eitherhomegrownorcommercial)mayleadtoincompatibilitieswithothercertificate-issuingentities.Youmustconsideryourbusiness-to-businessrequirementswhenyou’redecidinghowtoimplementaPKIwithinyourorganization.
ExamTip:Allofthestandardsandprotocolsdiscussedinthischapterarethe“vocabulary”ofthecomputersecurityindustry.Youshouldbewellversedinallthesetitlesandtheirpurposesandoperations.
TechTip
X.509EssentialsX.509specifiesstandardformatsforpublickeycertificates,certificaterevocationlists,andAttributeCertificates.
X.509Whatisacertificate?AsexplainedinChapter6,acertificateismerelyadatastructurethatbindsapublickeytosubjects(uniquenames,DNSentries,ore-mails)andisusedtoauthenticatethatapublickeyindeedbelongstothesubject.Inthelate1980s,theX.500OSIDirectoryStandardwasdefinedbytheInternationalOrganizationforStandardization(ISO)andtheInternationalTelecommunicationUnion(ITU).Itwasdevelopedforimplementinganetworkdirectorysystem,andpartofthisdirectorystandardwastheconceptofauthenticationofentitieswithinthedirectory.X.509istheportionoftheX.500standardthataddressesthestructureofcertificatesusedforauthentication.SeveralversionsoftheX.509certificateshavebeencreated,with
version3beingthecurrentversion(asthisisbeingwritten).EachversionhasextendedthecontentsofthecertificatestoincludeadditionalinformationnecessarytousecertificatesinaPKI.TheoriginalITUX.509definitionwaspublishedin1988,wasformerlyreferredtoasCCITTX.509,andissometimesreferredtoasISO/IEC/ITU9594-8.Version3addedadditionaloptionalextensionsformoresubjectidentificationinformation,keyattributeinformation,policyinformation,andcertificationpathconstraints.Inaddition,version3allowsadditionalextensionstobedefinedinstandardsortobedefinedandregisteredbyorganizationsorcommunities.Certificatesareusedtoencapsulatetheinformationneededto
authenticateanentity.TheX.509specificationdefinesahierarchicalcertificationstructurethatreliesonarootCAthatisself-certifying(meaningitissuesitsowncertificate).Allothercertificatescanbetracedbacktosucharootthroughapath.ACAissuesacertificatetoauniquelyidentifiableentity(person,corporation,computer,andsoon)—issuingacertificateto“JohnSmith”wouldcausesomerealproblemsifthatwerealltheinformationtheCAhadwhenissuingthecertificate.WearesavedsomewhatbytherequirementthattheCAdetermineswhatidentifierisunique(thedistinguishedname),butwhencertificatesandtrustare
extendedbetweenCAs,theuniqueidentificationbecomescritical.
CrossCheckCertificatesAdetaileddescriptionofcertificatesandthesupportingpublickeyinfrastructureisprovidedinChapter6.
SSL/TLSSecureSocketsLayer(SSL)andTransportLayerSecurity(TLS)providethemostcommonmeansofinteractingwithaPKIandcertificates.Theolder,SSLprotocolwasintroducedbyNetscapeasameansofprovidingsecureconnectionsforwebtransfersusingencryption.Thesetwoprotocolsprovidesecureconnectionsbetweentheclientandserverforexchanginginformation.Theyalsoprovideserverauthentication(andoptionally,clientauthentication)andconfidentialityofinformationtransfers.SeeChapter17foradetailedexplanation.
TechTip
SSL/TLSSimplifiedSSLandTLSarecryptographicprotocolstoprovidedataintegrityandsecurityovernetworksbyencryptingnetworkconnectionsatthetransportlayer.InmanycasespeopleusethetermSSLevenwhenTLSisinfacttheprotocolbeingused.
TheIETFestablishedtheTLSworkinggroupin1996todevelopastandardtransportlayersecurityprotocol.TheworkinggroupbeganwithSSLversion3.0asitsbasisandreleasedRFC2246,“TheTLSProtocolVersion1.0,”in1999asaproposedstandard.TheworkinggroupalsopublishedRFC2712,“AdditionofKerberosCipherSuitestoTransport
LayerSecurity(TLS),”asaproposedstandard,andtwoRFCsontheuseofTLSwithHTTP.Likeitspredecessor,TLSisaprotocolthatensuresprivacybetweencommunicatingapplicationsandtheirusersontheInternet.Whenaserverandclientcommunicate,TLSensuresthatnothirdpartycaneavesdroportamperwithanymessage.
SSLisdeprecated.AllversionsofSSL,includingv3,haveexploitablevulnerabilitiesthatmaketheprotocolnolongerconsideredsecure.Foralltrafficwhereconfidentialityisimportant,youshoulduseTLS.
TLSiscomposedoftwoparts:theTLSRecordProtocolandtheTLSHandshakeProtocol.TheTLSRecordProtocolprovidesconnectionsecuritybyusingsupportedencryptionmethods.TheTLSRecordProtocolcanalsobeusedwithoutencryption.TheTLSHandshakeProtocolallowstheserverandclienttoauthenticateeachotherandtonegotiateasessionencryptionalgorithmandcryptographickeysbeforedataisexchanged.ThoughTLSisbasedonSSLandissometimesreferredtoasSSL,they
arenotinteroperable.However,theTLSprotocoldoescontainamechanismthatallowsaTLSimplementationtobackdowntoSSL3.0.Thedifferencebetweenthetwoisthewaytheyperformkeyexpansionandmessageauthenticationcomputations.TheTLSRecordProtocolisalayeredprotocol.Ateachlayer,messagesmayincludefieldsforlength,description,andcontent.TheRecordProtocoltakesmessagestobetransmitted,fragmentsthedataintomanageableblocks,optionallycompressesthedata,appliesamessageauthenticationcode(HMAC)tothedata,encryptsit,andtransmitstheresult.Receiveddataisdecrypted,verified,decompressed,andreassembled,andthendeliveredtohigher-levelclients.TheTLSHandshakeProtocolinvolvesthefollowingsteps,whichare
summarizedinFigure7.4:
•Figure7.4TLSHandshakeProtocol
1.Exchangehellomessagestoagreeonalgorithms,exchangerandomvalues,andcheckforsessionresumption.
2.Exchangethenecessarycryptographicparameterstoallowtheclientandservertoagreeonapre-mastersecret.
3.Exchangecertificatesandcryptographicinformationtoallowtheclientandservertoauthenticatethemselves.
4.Generateamastersecretfromthepre-mastersecretandexchangerandomvalues.
5.Providesecurityparameterstotherecordlayer.6.Allowtheclientandservertoverifythattheirpeerhascalculated
thesamesecurityparametersandthatthehandshakeoccurredwithouttamperingbyanattacker.
Thoughithasbeendesignedtominimizethisrisk,TLSstillhaspotentialvulnerabilitiestoaman-in-the-middleattack.Ahighlyskilledandwell-placedattackercanforceTLStooperateatlowersecuritylevels.Regardless,throughtheuseofvalidatedandtrustedcertificates,asecureciphersuitecanbeselectedfortheexchangeofdata.Onceestablished,aTLSsessionremainsactiveaslongasdataisbeing
exchanged.Ifsufficientinactivetimehaselapsedforthesecureconnectiontotimeout,itcanbereinitiated.
TechTip
DisablingSSLBecauseallversionsofSSL,includingv3,haveexploitablevulnerabilitiesthatmaketheprotocolnolongerconsideredsecure,usersshouldnotrelyonitforsecurity.ChromenolongerusesSSL.ForInternetExplorer,youneedtounchecktheSSLboxesunderInternetOptions.
CipherSuitesInmanyapplications,theuseofcryptographyoccursasacollectionoffunctions.Differentalgorithmscanbeusedforauthentication,encryption/decryption,digitalsignatures,andhashing.Thetermciphersuitereferstoanarrangedgroupofalgorithms.Forinstance,TLShasapublishedTLSCipherSuiteRegistryatwww.iana.org/assignments/tls-
parameters/tls-parameters.xhtml.Thereisawiderangeofciphers,someoldandsomenew,eachwithits
ownstrengthsandweaknesses.Overtime,newmethodsandcomputationalabilitieschangetheviabilityofciphers.Theconceptofstrongversusweakciphersisanacknowledgmentthat,overtime,cipherscanbecomevulnerabletoattacks.Theapplicationorselectionofciphersshouldtakeintoconsiderationthatnotallciphersarestillstrong.Whenselectingacipherforuse,itisimportanttomakeanappropriatechoice.Forexample,ifaserveroffersSSLv3andTLS,youshouldchooseTLSonly,asSSLv3hasbeenshowntobevulnerable.
ISAKMPTheInternetSecurityAssociationandKeyManagementProtocol(ISAKMP)providesamethodforimplementingakeyexchangeprotocolandfornegotiatingasecuritypolicy.Itdefinesproceduresandpacketformatstonegotiate,establish,modify,anddeletesecurityassociates.Becauseitisaframework,itdoesn’tdefineimplementation-specificprotocols,suchasthekeyexchangeprotocolorhashfunctions.ExamplesofISAKMParetheInternetKeyExchange(IKE)protocolandIPsec,whichareusedwidelythroughouttheindustry.AnimportantdefinitionforunderstandingISAKMPisthatoftheterm
securityassociation.Asecurityassociation(SA)isarelationshipinwhichtwoormoreentitiesdefinehowtheywillcommunicatesecurely.ISAKMPisintendedtosupportSAsatalllayersofthenetworkstack.Forthisreason,ISAKMPcanbeimplementedonthetransportlayerusingTCPorUserDatagramProtocol(UDP),oritcanbeimplementedonIPdirectly.NegotiationofanSAbetweenserversoccursintwostages.First,the
entitiesagreeonhowtosecurenegotiationmessages(theISAKMPSA).Oncetheentitieshavesecuredtheirnegotiationtraffic,theythendeterminetheSAsfortheprotocolsusedfortheremainderoftheircommunications.Figure7.5showsthestructureoftheISAKMPheader.ThisheaderisusedduringbothpartsoftheISAKMPnegotiation.
•Figure7.5ISAKMPheaderformat
TheInitiatorCookieissetbytheentityrequestingtheSA,andtherespondersetstheResponderCookie.ThePayloadbyteindicatesthetypeofthefirstpayloadtobeencapsulated.Payloadtypesincludesecurityassociations,proposals,keytransforms,keyexchanges,vendoridentities,andotherthings.TheMajorandMinorRevisionfieldsrefertothemajorversionnumberandminorversionnumberfortheISAKMP.TheExchangeTypehelpsdeterminetheorderofmessagesandpayloads.TheFlagsbitsindicateoptionsfortheISAKMPexchange,includingwhetherthepayloadisencrypted,whethertheinitiatorandresponderhave“committed”totheSA,andwhetherthepacketistobeauthenticatedonly(andisnotencrypted).ThefinalfieldsoftheISAKMPheaderindicatetheMessageIdentifierandaMessageLength.PayloadsencapsulatedwithinISAKMPuseagenericheader,andeachpayloadhasitsownheaderformat.OncetheISAKMPSAisestablished,multipleprotocolSAscanbe
establishedusingthesingleISAKMPSA.Thisfeatureisvaluableduetotheoverheadassociatedwiththetwo-stagenegotiation.SAsarevalidforspecificperiodsoftime,andoncethetimeexpires,theSAmustberenegotiated.ManyresourcesarealsoavailableforspecificimplementationsofISAKMPwithintheIPsecprotocol.
CMPThePKIXCertificateManagementProtocol(CMP)isspecifiedinRFC4210.ThisprotocoldefinesthemessagesandoperationsrequiredtoprovidecertificatemanagementserviceswithinthePKIXmodel.ThoughpartoftheIETFPKIXeffort,CMPprovidesaframeworkthatworkswellwithotherstandards,suchasPKCS#7andPKCS#10.
TechTip
CMPSummarizedCMPisaprotocoltoobtainX.509certificatesinaPKI.
CMPprovidesforthefollowingcertificateoperations:CAestablishment,includingcreationoftheinitialCRLandexportofthepublickeyfortheCA
Certificationofanend-entity,includingthefollowing:
Initialregistrationandcertificationoftheend-entity(registration,certificateissuance,andplacementofthecertificateinarepository)
Updatestothekeypairforend-entities,requiredperiodicallyandwhenakeypairiscompromisedorkeyscannotberecovered
End-entitycertificateupdates,requiredwhenacertificateexpires
PeriodicCAkey-pairupdates,similartoend-entitykey-pair
updates
Cross-certificationrequests,placedbyotherCAs
CertificateandCRLpublication,performedundertheappropriateconditionsofcertificateissuanceandcertificaterevocation
Key-pairrecovery,aservicetorestorekey-pairinformationforanend-entity;forexample,ifacertificatepasswordislostorthecertificatefileislost
Revocationrequests,supportingrequestsbyauthorizedentitiestorevokeacertificate
CMPalsodefinesmechanismsforperformingtheseoperations,eitheronlineorofflineusingfiles,e-mail,tokens,orweboperations.
XKMSTheXMLKeyManagementSpecificationdefinesservicestomanagePKIoperationswithintheExtensibleMarkupLanguage(XML)environment.TheseservicesareprovidedforhandlingPKIkeysandcertificatesautomatically.DevelopedbytheWorldWideWebConsortium(W3C),XKMSisintendedtosimplifyintegrationofPKIsandmanagementofcertificatesinapplications.Aswellasrespondingtoproblemsofauthenticationandverificationofelectronicsignatures,XKMSalsoallowscertificatestobemanaged,registered,orrevoked.XKMSservicesresideonaseparateserverthatinteractswithan
establishedPKI.TheservicesareaccessibleviaasimpleXMLprotocol.DeveloperscanrelyontheXKMSservices,makingitlesscomplextointerfacewiththePKI.Theservicesprovideforretrievingkeyinformation(owner,keyvalue,keyissuer,andthelike)andkeymanagement(suchaskeyregistrationandrevocation).RetrievaloperationsrelyontheXMLsignatureforthenecessary
information.Threetiersofservicearebasedontheclientrequestsandapplicationrequirements.Tier0providesameansofretrievingkey
informationbyembeddingreferencestothekeywithintheXMLsignature.Thesignaturecontainsanelementcalledaretrievalmethodthatindicateswaystoresolvethekey.Inthiscase,theclientsendsarequest,usingtheretrievalmethod,toobtainthedesiredkeyinformation.Forexample,iftheverificationkeycontainsalongchainofX.509v3certificates,aretrievalmethodcouldbeincludedtoavoidsendingthecertificateswiththedocument.Theclientwouldusetheretrievalmethodtoobtainthechainofcertificates.Fortier0,theserverindicatedintheretrievalmethodrespondsdirectlytotherequestforthekey,possiblybypassingtheXKMSserver.Thetier0processisshowninFigure7.6.
•Figure7.6XKMStier0retrieval
Withtier1operations,theclientforwardsthekey-informationportionsoftheXMLsignaturetotheXKMSserver,relyingontheservertoperformtheretrievalofthedesiredkeyinformation.ThedesiredinformationcanbelocaltotheXKMSserver,oritcanresideonanexternalPKIsystem.TheXKMSserverprovidesnoadditionalvalidationofthekeyinformation,suchascheckingwhetherthecertificatehasbeenrevokedorisstillvalid.Justasintier0,theclientperformsfinalvalidationofthedocument.Tier1iscalledthelocateservicebecauseitlocatestheappropriatekeyinformationfortheclient,asshowninFigure7.7.
•Figure7.7XKMStier1locateservice
Tier2iscalledthevalidateserviceandisillustratedinFigure7.8.Inthiscase,justasintier1,theclientreliesontheXKMSservicetoretrievetherelevantkeyinformationfromtheexternalPKI.TheXKMSserveralsoperformsdatavalidationonaportionofthekeyinformationprovidedbytheclientforthispurpose.ThisvalidationverifiesthebindingofthekeyinformationwiththedataindicatedbythekeyinformationcontainedintheXMLsignature.
•Figure7.8XKMStier2validateservice
Theprimarydifferencebetweentier1andtier2isthelevelofinvolvementoftheXKMSserver.Intier1,itcanserveonlyasarelayorgatewaybetweentheclientandthePKI.Intier2,theXKMSserverisactivelyinvolvedinverifyingtherelationbetweenthePKIinformationandthedocumentcontainingtheXMLsignature.XKMSreliesontheclientorunderlyingcommunicationsmechanismto
provideforthesecurityofthecommunicationswiththeXKMSserver.Thespecificationsuggestsusingoneofthreemethodsforensuringserverauthentication,responseintegrity,andrelevanceoftheresponsetotherequest:digitallysignedcorrespondence,atransportlayersecurityprotocol(suchasSSL,TLS,orWTLS),orapacketlayersecurityprotocol(suchasIPsec).Obviously,digitallysignedcorrespondenceintroducesitsownissuesregardingvalidationofthesignature,whichisthepurposeofXKMS.Itispossibletodefineothertiersofservice.Tiers3and4,anassertion
serviceandanassertionstatusservice,respectively,arementionedinthedefiningXKMSspecification,buttheyarenotdefined.Thespecificationstatesthey“could”bedefinedinotherdocuments.XKMSalsoprovidesservicesforkeyregistration,keyrevocation,and
keyrecovery.Authenticationfortheseactionsisbasedonapasswordorpassphrase,whichisprovidedwhenthekeysareregisteredandwhentheymustberecovered.
S/MIMETheSecure/MultipurposeInternetMailExtensions(S/MIME)messagespecificationisanextensiontotheMIMEstandardthatprovidesawaytosendandreceivesignedandencryptedMIMEdata.RSASecuritycreatedthefirstversionoftheS/MIMEstandard,usingtheRSAencryptionalgorithmandthePKCSseriesofstandards.Thesecondversiondatesfrom1998buthadanumberofseriousrestrictions,includingtherestrictionto40-bitDataEncryptionStandard(DES).ThecurrentversionoftheIETFstandardisdatedJuly2004andrequirestheuseofAdvanced
EncryptionStandard(AES).
CrossCheckE-mailEncryptionWanttounderstande-mailencryption?FlipaheadtoChapter16one-mailandinstantmessagingformoredetailsone-mailencryption.Thenanswerthesequestions:
Whyisitimportanttoencrypte-mail?Whatimpactscanmaliciouscodehaveonabusiness?
Whyisinstantmessagingahigherriskthane-mail?
ThechangesintheS/MIMEstandardhavebeensofrequentthatthestandardhasbecomedifficulttoimplementuntilv3.Farfromhavingastablestandardforseveralyearsthatproductmanufacturerscouldhavetimetogainexperiencewith,thereweremanychangestotheencryptionalgorithmsbeingused.Justasimportantly,andnotimmediatelyclearfromtheIETFdocuments,thestandardplacesrelianceuponmorethanoneotherstandardforittofunction.KeyamongtheseistheformatofapublickeycertificateasexpressedintheX.509standard.
IETFS/MIMEHistoryTheS/MIMEv2specificationsoutlineabasicstrategyforprovidingsecurityservicesfore-mailbutlackmanysecurityfeaturesrequiredbytheDepartmentofDefense(DoD)forusebythemilitary.ShortlyafterthedecisionwasmadetorevisetheS/MIMEv2specifications,theDoD,itsvendorcommunity,andcommercialindustrymettobegindevelopmentoftheenhancedspecifications.ThesenewspecificationswouldbeknownasS/MIMEv3.ParticipantsagreedthatbackwardcompatibilitybetweenS/MIMEv3andv2shouldbepreserved;otherwise,S/MIMEv3–compatibleapplicationswouldnotbeabletoworkwitholderS/MIMEv2–compatibleapplications.
AminimumsetofcryptographicalgorithmswasmandatedsothatdifferentimplementationsofthenewS/MIMEv3setofspecificationscouldbeinteroperable.ThisminimumsetmustbeimplementedinanapplicationforittobeconsideredS/MIME-compliant.Applicationscanimplementadditionalcryptographicalgorithmstomeettheircustomers’needs,buttheminimumsetmustalsobepresentintheapplicationsforinteroperabilitywithotherS/MIMEapplications.Thus,usersarenotforcedtouseS/MIME-specifiedalgorithms;theycanchoosetheirown,butiftheapplicationistobeconsideredS/MIME-compliant,thestandardalgorithmsmustalsobepresent.
IETFS/MIMEv3SpecificationsBuildingupontheoriginalworkbytheIMC-organizedgroup,theIETFhasworkedhardtoenhancetheS/MIMEv3specifications.TheultimategoalistohavetheS/MIMEv3specificationsreceiverecognitionasanInternetstandard.ThecurrentIETFS/MIMEv3setofspecificationsincludesthefollowing:
CryptographicMessageSyntax(CMS)
S/MIMEv3messagespecification
S/MIMEv3certificate-handlingspecification
Enhancedsecurityservices(ESS)forS/MIME
TechTip
S/MIMEinaNutshellS/MIMEprovidestwosecurityservicestoe-mail:digitalsignaturesandmessageencryption.Digitalsignaturesverifysenderidentity,andencryptioncankeepcontentsprivateduringtransmission.Theseservicescanbeusedindependentlyofeachother,andprovidethefoundationalbasisformessagesecurity.
TheCMSdefinesastandardsyntaxfortransmittingcryptographicinformationaboutcontentsofaprotectedmessage.OriginallybasedonthePKCS#7version1.5specification,theCMSspecificationwasenhancedbytheIETFS/MIMEworkinggrouptoincludeoptionalsecuritycomponents.JustastheS/MIMEv3providesbackwardcompatibilitywithv2,CMSprovidesbackwardcompatibilitywithPKCS#7,soapplicationswillbeinteroperableevenifthenewcomponentsarenotimplementedinaspecificapplication.Integrity,authentication,andnonrepudiationsecurityfeaturesare
providedbyusingdigitalsignaturesusingtheSignedDatasyntaxdescribedbytheCMS.CMSalsodescribeswhatisknownastheEnvelopedDatasyntaxtoprovideconfidentialityofthemessage’scontentthroughtheuseofencryption.ThePKCS#7specificationsupportskeyencryptionalgorithms,suchasRSA.AlgorithmindependenceispromotedthroughtheadditionofseveralfieldstotheEnvelopedDatasyntaxinCMS,whichisthemajordifferencebetweenthePKCS#7andCMSspecifications.ThegoalwastobeabletosupportspecificalgorithmssuchasDiffie-HellmanandtheKeyExchangeAlgorithm(KEA),whichisimplementedontheFortezzaCryptoCarddevelopedfortheDoD.OnefinalsignificantchangetotheoriginalspecificationsistheabilitytoincludeX.509AttributeCertificatesintheSignedDataandEnvelopedDatasyntaxesforCMS.
CMSTriple-EncapsulatedMessageAninterestingfeatureofCMSistheabilitytonestsecurityenvelopestoprovideacombinationofsecurityfeatures.Asanexample,aCMStriple-encapsulatedmessagecanbecreatedinwhichtheoriginalcontentandassociatedattributesaresignedandencapsulatedwithintheinnerSigned-Dataobject.TheinnerSignedDataobjectisinturnencryptedandencapsulatedwithinanEnvelopedDataobject.TheresultingEnvelopedDataobjectisthenalsosignedandfinallyencapsulatedwithinasecondSignedDataobject,theouterSignedDataobject.UsuallytheinnerSignedDataobjectissignedbytheoriginaluserandtheouterSignedDataobjectissignedbyanotherentity,suchasafirewalloramaillistagent,
providinganadditionallevelofsecurity.ThistripleencapsulationisnotrequiredofeveryCMSobject.Allthatis
requiredisasingleSignedDataobjectcreatedbytheusertosignamessageoranEnvelopedDataobjectiftheuserdesiredtoencryptamessage.
OpenPGPisawidelyusede-mailencryptionstandard.Anonproprietaryprotocolforencryptinge-mailusingpublickeycryptography,itisbasedonPGPasoriginallydevelopedbyPhilZimmermann,andisdefinedbytheOpenPGPworkinggroupoftheIETFproposedstandardRFC4880.
PGPPrettyGoodPrivacy(PGP)isapopularprogramthatisusedtoencryptanddecrypte-mailandfiles.Italsoprovidestheabilitytodigitallysignamessagesothereceivercanbecertainofthesender’sidentity.Takentogether,encryptingandsigningamessageallowsthereceivertobeassuredofwhosentthemessageandtoknowthatitwasnotmodifiedduringtransmission.Public-domainversionsofPGPhavebeenavailableforyears,ashaveinexpensivecommercialversions.PGPwasoneofthemostwidelyusedprogramsandwasfrequentlyused
bybothindividualsandbusinessestoensuredataande-mailprivacy.ItwasdevelopedbyPhilipR.Zimmermannin1991andquicklybecameadefactostandardfore-mailsecurity.ThepopularityofPGPleadtotheOpenPGPInternetstandard,RFC4880,andopensourcesolutions.GNUPrivacyGuard(GPG)isacommonalternativetoPGPinusetoday.
TechTip
APGPPersonalNote
AfterdistributingPGPin1991,including(indirectly)internationally,ZimmermannbecameaformaltargetofacriminalinvestigationbytheU.S.governmentin1993forexportingmunitionswithoutalicense,becausecryptosystemsusingkeyslargerthan40bitswereconsidered“munitions”underU.S.exportlaw.ZimmermannproceededtopublishtheentiresourcecodeofPGPinahardbackbook,which,unlikesoftware,isprotectedfromexportlawsbytheFirstAmendmentoftheU.S.Constitution.TheinvestigationofZimmermannwasdroppedafterseveralyears.
HowPGPWorksPGPusesavariationofthestandardpublickeyencryptionprocess.Inpublickeyencryption,anindividual(herecalledthecreator)usestheencryptionprogramtocreateapairofkeys.Onekeyisknownasthepublickeyandisdesignedtobegivenfreelytoothers.Theotherkeyiscalledtheprivatekeyandisdesignedtobeknownonlybythecreator.Individualswhowanttosendaprivatemessagetothecreatorencryptthemessageusingthecreator’spublickey.Thealgorithmisdesignedsuchthatonlytheprivatekeycandecryptthemessage,soonlythecreatorwillbeabletodecryptit.Thismethod,knownaspublickeyorasymmetricencryption,istime
consuming.Symmetricencryptionusesonlyasinglekeyandisgenerallyfaster.ItisbecauseofthisthatPGPisdesignedthewayitis.PGPusesasymmetricencryptionalgorithmtoencryptthemessagetobesent.Itthenencryptsthesymmetrickeyusedtoencryptthismessagewiththepublickeyoftheintendedrecipient.Boththeencryptedkeyandmessagearethensent.Thereceiver’sversionofPGPfirstdecryptsthesymmetrickeywiththeprivatekeysuppliedbytherecipientandthenusestheresultingdecryptedkeytodecrypttherestofthemessage.PGPcanusetwodifferentpublickeyalgorithms:Rivest-Shamir-
Adleman(RSA)andDiffie-Hellman.TheRSAversionusestheInternationalDataEncryptionAlgorithm(IDEA)andashortsymmetrickeytoencryptthemessageandthenusesRSAtoencrypttheshortIDEAkeyusingtherecipient’spublickey.TheDiffie-HellmanversionusestheCarlisleAdamsandStaffordTavares(CAST)algorithmtoencryptthe
messageandtheDiffie-HellmanalgorithmtoencrypttheCASTkey.Todecryptthemessage,thereverseisperformed.TherecipientusestheirprivatekeytodecrypttheIDEAorCASTkey,andthenusesthatdecryptedkeytodecryptthemessage.ThesearebothillustratedinFigure7.9.
•Figure7.9HowPGPworksforencryption
Togenerateadigitalsignature,PGPtakesadvantageofanotherpropertyofpublickeyencryptionschemes.Normally,thesenderencryptsusingthereceiver’spublickeyandthemessageisdecryptedattheotherendusingthereceiver’sprivatekey.Theprocesscanbereversedsothatthesenderencrypts(signs)withhisownprivatekey.Thereceiverthendecryptsthemessagewiththesender’spublickey.Sincethesenderistheonlyindividualwhohasakeythatwillcorrectlybedecryptedwiththesender’spublickey,thereceiverknowsthatthemessagewascreatedbythesenderwhoclaimstohavesentit.ThewayPGPaccomplishesthistaskistogenerateahashvaluefromtheuser’snameandothersignatureinformation.Thishashvalueisthenencryptedwiththesender’sprivatekeyknownonlybythesender.Thereceiverusesthesender’spublickey,whichisavailabletoeveryone,todecryptthehashvalue.Ifthedecryptedhashvaluematchesthehashvaluesentasthedigitalsignatureforthemessage,thenthereceiverisassuredthatthemessagewassentbythesenderwhoclaimstohavesentit.Typically,versionsofPGPcontainauserinterfacethatworkswith
commone-mailprogramssuchasMicrosoftOutlook.Ifyouwantotherstobeabletosendyouanencryptedmessage,youneedtoregisteryourpublickey,generatedbyyourPGPprogram,withaPGPpublickeyserver.Alternatively,youhavetoeithersendyourpublickeytoallthosewhowanttosendyouanencryptedmessageorpostyourkeytosomelocationfromwhichtheycandownloadit,suchasyourwebpage.Notethatusingapublickeyserveristhebettermethod,forallthereasonsoftrustdescribedinthediscussionofPKIsinChapter6.
TechTip
WhereCanYouUsePGP?
FormanyyearstheU.S.governmentwagedafightovertheexportationofPGPtechnology,andformanyyearsitsexportationwasillegal.Today,however,PGP-encryptede-mailcanbeexchangedwithmostusersoutsidetheUnitedStates,andmanyversionsofPGPareavailablefromnumerousinternationalsites.Ofcourse,beingabletoexchangePGP-encryptede-mailrequiresthattheindividualsonbothsidesofthecommunicationhavevalidversionsofPGP.Interestingly,internationalversionsofPGParejustassecureasdomesticversions—afeaturethatisnottrueofotherencryptionproducts.ItshouldbenotedthatthefreewareversionsofPGParenotlicensedforcommercialpurposes.
HTTPSMostwebactivityoccursusingHTTP,butthisprotocolispronetointerception.HTTPSuseseitherSSLorTLStosecurethecommunicationchannel.OriginallydevelopedbyNetscapeCommunicationsandimplementedinitsbrowser,HTTPShassincebeenincorporatedintomostcommonbrowsers.HTTPSusesthestandardTCPport443forTCP/IPcommunicationsratherthanthestandardport80usedforHTTP.Aspreviouslydiscussed,becauseofvulnerabilitiesinSSL,onlyTLSisrecommendedforHTTPStoday.
IPsecIPsecisacollectionofIPsecurityfeaturesdesignedtointroducesecurityatthenetworkorpacket-processinglayerinnetworkcommunication.OtherapproacheshaveattemptedtoincorporatesecurityathigherlevelsoftheTCP/IPsuitesuchasatthelevelwhereapplicationsreside.IPsecisdesignedtoprovidesecureIPcommunicationsovertheInternet.Inessence,IPsecprovidesasecureversionoftheIPbyintroducingauthenticationandencryptiontoprotectLayer4protocols.IPsecisoptionalforIPv4butisrequiredforIPv6.Obviously,bothendsofthecommunicationneedtouseIPsecfortheencryption/decryptionprocesstooccur.IPsecprovidestwotypesofsecurityservicetoensureauthenticationand
confidentialityforeitherthedataalone(referredtoasIPsectransportmode)orforboththedataandheader(referredtoastunnelmode).SeeChapter11formoredetailontunnelingandIPsecoperation.IPsecintroducesseveralnewprotocols,includingtheAuthenticationHeader(AH),whichbasicallyprovidesauthenticationofthesender,andtheEncapsulatingSecurityPayload(ESP),whichaddsencryptionofthedatatoensureconfidentiality.IPsecalsoprovidesforpayloadcompressionbeforeencryptionusingtheIPPayloadCompressionProtocol(IPcomp).Frequently,encryptionnegativelyimpactstheabilityofcompressionalgorithmstofullycompressdatafortransmission.Byprovidingtheabilitytocompressthedatabeforeencryption,IPsecaddressesthisissue.
CEPCertificateEnrollmentProtocol(CEP)wasoriginallydevelopedbyVeriSignforCiscoSystems.Itwasdesignedtosupportcertificateissuance,distribution,andrevocationusingexistingtechnologies.ItsusehasgrowninclientandCAapplications.TheoperationssupportedincludeCAandRApublickeydistribution,certificateenrollment,certificaterevocation,certificatequery,andCRLquery.OneofthekeygoalsofCEPwastouseexistingtechnologywhenever
possible.ItusesbothPKCS#7(CryptographicMessageSyntaxStandard)andPKCS#10(CertificationRequestSyntaxStandard)todefineacommonmessagesyntax.ItsupportsaccesstocertificatesandCRLsusingeithertheLightweightDirectoryAccessProtocol(LDAP)ortheCEP-definedcertificatequery.
OtherStandardsTherearemanyadditionalstandardsassociatedwithinformationsecuritythatarenotspecificallyorsolelyassociatedwithPKIand/orcryptography.Theremainderofthechapterwillintroducethesestandardsandprotocols.
FIPSTheFederalInformationProcessingStandardsPublications(FIPSPUBSorsimplyFIPS)describevariousstandardsfordatacommunicationissues.ThesedocumentsareissuedbytheU.S.governmentthroughtheNationalInstituteofStandardsandTechnology(NIST),whichistaskedwiththeirdevelopment.NISTcreatesthesepublicationswhenacompellinggovernmentneedrequiresastandardforuseinareassuchassecurityorsysteminteroperabilityandnorecognizedindustrystandardexists.ThreecategoriesofFIPSPUBSarecurrentlymaintainedbyNIST:
Hardwareandsoftwarestandards/guidelines
Datastandards/guidelines
Computersecuritystandards/guidelines
ThesedocumentsrequirethatproductssoldtotheU.S.governmentcomplywithone(ormore)oftheFIPSstandards.Thestandardscanbeobtainedfromwww.nist.gov/itl/fips.cfm.
FIPS140-2relatestospecificcryptographicstandardsforthevalidationofcomponentsusedinU.S.governmentsystems.SystemscanbeaccreditedtotheFIPS140-2standardtodemonstratelevelsofsecurityfrom“approvedalgorithms”tohigherlevelsthatincludeadditionalprotectionsuptoandincludingphysicalsecurityandtamperproofmechanisms.
CommonCriteriaTheCommonCriteriaforInformationTechnologySecurity(CommonCriteriaorCC)istheresultofanefforttodevelopajointsetofsecurityprocessesandstandardsthatcanbeusedbytheinternationalcommunity.ThemajorcontributorstotheCCarethegovernmentsoftheUnitedStates,Canada,France,Germany,theNetherlands,andtheUnitedKingdom.The
CCalsoprovidesalistingoflaboratoriesthatapplythecriteriaintestingsecurityproducts.ProductsthatareevaluatedbyoneoftheapprovedlaboratoriesreceiveanEvaluationAssuranceLevelofEAL1throughEAL7(EAL7isthehighestlevel),withEAL4,forexample,designedforenvironmentsrequiringamoderatetohighlevelofindependentlyassuredsecurity,andEAL1beingdesignedforenvironmentsinwhichsomeconfidenceinthecorrectoperationofthesystemisrequiredbutwherethethreatstothesystemarenotconsideredserious.TheCCalsoprovidesalistingofproductsbyfunctionthathaveperformedataspecificEAL.
WTLSTheWirelessTransportLayerSecurity(WTLS)protocolisbasedontheTLSprotocol.WTLSprovidesreliabilityandsecurityforwirelesscommunicationsusingtheWirelessApplicationProtocol(WAP).WTLSisnecessaryduetothelimitedmemoryandprocessingabilitiesofWAP-enabledphones.WTLScanbeimplementedinoneofthreeclasses:Class1iscalled
anonymousauthenticationbutisnotdesignedforpracticaluse.Class2iscalledserverauthenticationandisthemostcommonmodel.Theclientsandservermayauthenticateusingdifferentmeans.Class3isserverandclientauthentication.InClass3authentication,theclient’sandserver’sWTLScertificatesareauthenticated.Class3isthestrongestformofauthenticationandencryption.
ISO/IEC27002(FormerlyISO17799)ISO/IEC27002isaverypopularanddetailedstandardforcreatingandimplementingsecuritypolicies.ISO/IEC27002wasformerlyISO17799,whichwasbasedonversion2oftheBritishStandard7799(BS7799)publishedinMay1999.Withtheincreasedemphasisplacedonsecurityinboththegovernmentandindustryinrecentyears,manyorganizationsarenowtrainingtheirauditpersonneltoevaluatetheirorganizationsagainst
theISO/IEC27002standard.Thestandardisdividedinto12sections,eachcontainingmoredetailedstatementsdescribingwhatisinvolvedforthattopic:
RiskassessmentDeterminetheimpactofrisksSecuritypolicyGuidanceandpolicyprovidedbymanagementOrganizationofinformationsecurityGovernancestructuretoimplementsecuritypolicy
AssetmanagementInventoryandclassificationofassetsHumanresourcessecurityPoliciesandproceduresaddressingsecurityforemployeesincludinghires,changes,anddepartures
PhysicalandenvironmentalsecurityProtectionofthecomputerfacilities
CommunicationsandoperationsmanagementManagementoftechnicalsecuritycontrolsinsystemsandnetworks
AccesscontrolRestrictionofaccessrightstonetworks,systems,applications,functions,anddata
Informationsystemsacquisition,development,andmaintenanceBuildingsecurityintoapplications
InformationsecurityincidentmanagementAnticipatingandrespondingappropriatelytoinformationsecuritybreaches
BusinesscontinuitymanagementProtecting,maintaining,andrecoveringbusiness-criticalprocessesandsystems
ComplianceEnsuringconformancewithinformationsecuritypolicies,standards,laws,andregulations
SAMLSecurityAssertionMarkupLanguage(SAML)isasinglesign-on
capabilityusedforwebapplicationstoensureuseridentitiescanbesharedandareprotected.Itdefinesstandardsforexchangingauthenticationandauthorizationdatabetweensecuritydomains.Itisbecomingincreasinglyimportantwithcloud-basedsolutionsandwithSoftware-as-a-Service(SaaS)applications,becauseitensuresinteroperabilityacrossidentityproviders.SAMLisanXML-basedprotocolthatusessecuritytokensand
assertionstopassinformationabouta“principal”(typicallyanenduser)withaSAMLauthority(an“identityprovider”orIdP)andtheserviceprovider(SP).TheprincipalrequestsaservicefromtheSPwhichthenrequestsandobtainsanidentityassertionfromtheIdP.TheSPcanthengrantaccessorperformtherequestedservicefortheprincipal.
Chapter7Review
ChapterSummaryAfterreadingthischapterandcompletingtheexercises,youshouldunderstandthefollowingaboutPKIstandardsandprotocols.
IdentifythestandardsinvolvedinestablishinganinteroperableInternetPKI
PKIXandPKCSdefinethemostcommonlyusedPKIstandards.
PKIX,PKCS,X.509,ISAKMP,XKMS,andCMPcombinetoimplementPKI.
SSL/TLS,S/MIME,HTTPS,andIPsecareprotocolsthatusePKI.
ExplaininteroperabilityissueswithPKIstandards
Standardsandprotocolsareimportantbecausetheydefinethebasisfor
howcommunicationwilltakeplace.Theuseofstandardsandprotocolsprovidesacommon,interoperableenvironmentforsecurelyexchanginginformation.
Withoutthesestandardsandprotocols,twoentitiesmayindependentlydeveloptheirownmethodtoimplementthevariouscomponentsforaPKI,andthetwowillnotbecompatible.
OntheInternet,notbeingcompatibleandnotbeingabletocommunicateisnotanoption.
DescribehowthecommonInternetprotocolsimplementthePKIstandards
ThreemainstandardshaveevolvedovertimetoimplementPKIsontheInternet.
Twoofthemainstandardsarebasedonathirdstandard,theX.509standard,andestablishcomplementarystandardsforimplementingPKIs.ThesetwostandardsarePublicKeyInfrastructureX.509(PKIX)andPublicKeyCryptographyStandards(PKCS).
PKIXdefinesstandardsforinteractionsandoperationsforfourcomponenttypes:theuser(end-entity),certificateauthority(CA),registrationauthority(RA),andtherepositoryforcertificatesandcertificaterevocationlists(CRLs).
PKCSdefinesmanyofthelower-levelstandardsformessagesyntax,cryptographicalgorithms,andthelike.
ThereareotherprotocolsandstandardsthathelpdefinethemanagementandoperationofthePKIandrelatedservices,suchasISAKMP,XKMS,andCMP.
S/MIMEisusedtoencrypte-mail.
SSL,TLS,andWTLSareusedforsecurepackettransmission.
IPsecisusedtosupportvirtualprivatenetworks.
TheCommonCriteriaestablishesaseriesofcriteriafromwhichsecurityproductscanbeevaluated.
TheISO/IEC27002standardprovidesapointfromwhichsecuritypoliciesandpracticescanbedevelopedintwelveareas.
VarioustypesofpublicationsareavailablefromNISTsuchasthosefoundintheFIPSseries.
KeyTermscertificate(172)certificateauthority(CA)(169)certificaterevocationlist(CRL)(169)InternetSecurityAssociationandKeyManagementProtocol
(ISAKMP)(174)IPsec(182)PrettyGoodPrivacy(PGP)(180)publickeyinfrastructure(PKI)(167)Secure/MultipurposeInternetMailExtensions(S/MIME)(178)SecureSocketsLayer(SSL)(173)SecurityAssertionMarkupLanguage(SAML)(185)TransportLayerSecurity(TLS)(173)WirelessApplicationProtocol(WAP)(184)WirelessTransportLayerSecurity(WTLS)(184)X.509(172)
KeyTermsQuizUsetermsfromtheKeyTermslisttocompletethesentencesthatfollow.Don’tusethesametermmorethanonce.Notalltermswillbeused.
1._______________isaprotocolusedtosecureIPpacketsduring
transmissionacrossanetwork.Itoffersauthentication,integrity,andconfidentialityservices.ItusesAuthenticationHeaders(AHs)andEncapsulatingSecurityPayload(ESP)toaccomplishthisfunctionality.
2.Anencryptioncapabilitydesignedtoencryptabovethetransportlayer,enablingsecuresessionsbetweenhosts,iscalled______________.
3.A(n)_______________isanentitythatisresponsibleforissuingandrevokingcertificates.Thistermisalsoappliedtoserversoftwarethatprovidestheseservices.
4.Adigitallysignedobjectthatlistsallofthecurrentbutrevokedcertificatesissuedbyagivencertificateauthorityiscalledthe______________.Itallowsuserstoverifywhetheracertificateiscurrentlyvalideveniftheexpirationdatehasn’tpassed.
5._______________isaformatthathasbeenadoptedtostandardizedigitalcertificates.
6.Infrastructureforbindingapublickeytoaknownuserthroughatrustedintermediary,typicallyacertificateauthority,iscalledthe_______________.
7.The_______________isaprotocolframeworkthatdefinesthemechanicsofimplementingakeyexchangeprotocolandnegotiationofasecuritypolicy.
8.TheencryptionprotocolthatisusedonWirelessApplicationProtocol(WAP)networksiscalled_______________.
9.Aprotocolfortransmittingdatatosmallhandhelddeviceslikecellularphonesisthe_______________.
10._______________isapopularencryptionprogramthathastheabilitytoencryptanddigitallysigne-mailandfiles.
Multiple-ChoiceQuiz1.Whichofthefollowingisusedtograntpermissionsusingrule-
based,role-based,andrank-basedaccesscontrols?
A.AQualifiedCertificate
B.AControlCertificate
C.AnAttributeCertificate
D.AnOptionalCertificate
2.XKMSallowscertificatestobeallofthefollowingexcept:A.Created
B.Registered
C.Managed
D.Revoked
3.TransportLayerSecurityconsistsofwhichtwoprotocols?A.TheTLSRecordProtocolandTLSHandshakeProtocol
B.TheTLSRecordProtocolandTLSCertificateProtocol
C.TheTLSCertificateProtocolandTLSHandshakeProtocol
D.TheTLSKeyProtocolandTLSHandshakeProtocol
4.Whichofthefollowingprovidesamethodforimplementingakeyexchangeprotocol?
A.EISA
B.ISAKMP
C.ISA
D.ISAKEY
5.Whichofthefollowingisadetailedstandardforcreatingandimplementingsecuritypolicies?
A.PKIX
B.ISO/IEC27002
C.FIPS
D.X.509
6.Arelationshipwheretwoormoreentitiesdefinehowtheywillcommunicatesecurelyisknownaswhat?
A.Athree-wayhandshake
B.Asecurityassociation
C.Athree-wayagreement
D.Asecurityagreement
7.WhatisthepurposeofXKMS?A.Extendssessionassociationsovermanytransportprotocols
B.EncapsulatessessionassociationsoverTCP/IP
C.DefinesservicestomanageheterogeneousPKIoperationsviaXML
D.DesignedtoreplaceSSL
8.Whichofthefollowingisasecuree-mailstandard?A.POP3
B.IMAP
C.SMTP
D.S/MIME
9.WhichofthefollowingisajointsetofsecurityprocessesandstandardsusedbyapprovedlaboratoriestoawardanEvaluationAssuranceLevel(EAL)fromEAL1toEAL7?
A.CommonCriteria
B.FIPS
C.ISO17700
D.IEEEX.509
10.TransportLayerSecurityforHTTPuseswhatporttocommunicate?A.53
B.80
C.143
D.443
EssayQuiz1.YouaretheInformationSecurityOfficeratamedium-sized
company(1500employees).TheCIOhasaskedyoutoexplainwhyyourecommendusingcommercialPKIsratherthanimplementingsuchacapabilityin-housewiththesoftwaredevelopersyoualreadyhave.Writethreesuccinctsentencesthatwouldgetyourpointacrossandaddressthreekeyissues.
2.Imagineyouareawebdeveloperforasmalllocallyownedbusiness.ExplainwhenusingHTTPwouldbesatisfactoryandwhy,andexplainwhenyoushoulduseHTTPSandwhy.
3.Explaininyourownwordshow,byapplyingbothasymmetricandsymmetricencryption,yourbrowserusesTLStoprotecttheprivacyoftheinformationpassingbetweenyourbrowserandawebserver.
4.Itiswellunderstoodthatasymmetricencryptionconsumesmorecomputingresourcesthansymmetricencryption.ExplainhowPGPusesbothasymmetricandsymmetricencryptiontobebothsecureandefficient.
LabProjects
Notethatfortheselabprojects,itwouldbebesttohaveapartnersothatyoucaneachhaveyourownpairofpublic/privatekeystoconfirmtheoperationofPGP.
•LabProject7.1LoadeitheratrialversionofPGPorGnuPrivacyGuard(GPG).Installitandcreateapublic/privatekeypairforyourself.Createadocumentusingawordprocessorandencryptitusingthereceiver’spublickey.Sendittoapartner(oryourself)andthendecryptitusingthecorrespondingprivatekey.
•LabProject7.2CreateanotherdocumentdifferentfromtheoneusedinLabProject7.1.Thistimeuseyourprivatekeytodigitallysignthedocumentandsendittoapartner(oryourself)whocanthenusethepublickeytoconfirmthatitreallyisfromtheindicatedsender.
chapter8 PhysicalSecurity
Baseballis90percentmental,theotherhalfisphysical.
—YOGIBERRA
F
Inthischapter,youwilllearnhowto
Describehowphysicalsecuritydirectlyaffectscomputerandnetworksecurity
Discussstepsthatcanbetakentohelpmitigaterisks
Identifythedifferenttypesoffiresandthevariousfiresuppressionsystemsdesignedtolimitthedamagecausedbyfires
Explainelectronicaccesscontrolsandtheprinciplesofconvergence
ormosthomes,locksaretheprimarymeansofachievingphysicalsecurity,andalmosteveryonelocksthedoorstohisorherhomeuponleavingtheresidence.Somegoevenfurtherandsetupintrusionalarm
systemsinadditiontolocks.Alltheseprecautionsareconsiderednecessarybecausepeoplebelievetheyhavesomethingsignificantinsidethehousethatneedstobeprotected,suchasimportantpossessionsandimportantpeople.Physicalsecurityisanimportanttopicforbusinessesdealingwiththe
securityofnetworksandinformationsystems.Businessesareresponsibleforsecuringtheirprofitability,whichrequiressecuringacombinationofassets:employees,productinventory,tradesecrets,andstrategyinformation.Theseandotherimportantassetsaffecttheprofitabilityofacompanyanditsfuturesurvival.Companiesthereforeperformmanyactivitiestoattempttoprovidephysicalsecurity—lockingdoors,installingalarmsystems,usingsafes,postingsecurityguards,settingaccesscontrols,andmore.Mostcompaniestodayhaveinvestedalargeamountoftime,money,
andeffortinbothnetworksecurityandinformationsystemssecurity.Inthischapter,youwilllearnabouthowthestrategiesforsecuringthenetworkandforsecuringinformationsystemsarelinked,andyou’lllearnseveralmethodsbywhichcompaniescanminimizetheirexposuretophysicalsecurityeventsthatcandiminishtheirnetworksecurity.
TheSecurityProblemTheproblemthatfacesprofessionalschargedwithsecuringacompany’snetworkcanbestatedrathersimply:physicalaccessnegatesallothersecuritymeasures.Nomatterhowimpenetrablethefirewallandintrusiondetectionsystem(IDS),ifanattackercanfindawaytowalkuptoandtouchaserver,hecanbreakintoit.Considerthatmostnetworksecuritymeasuresare,fromnecessity,
directedatprotectingacompanyfromInternet-basedthreats.Consequently,alotofcompaniesallowanykindoftrafficonthelocalareanetwork(LAN).SoifanattackerattemptstogainaccesstoaserverovertheInternetandfails,hemaybeabletogainphysicalaccesstothereceptionist’smachineand,byquicklycompromisingit,useitasaremotelycontrolledzombietoattackwhatheisreallyafter.Figure8.1illustratestheuseofalower-privilegemachinetoobtainsensitiveinformation.Physicallysecuringinformationassetsdoesn’tmeanjusttheservers;itmeansprotectingphysicalaccesstoalltheorganization’scomputersanditsentirenetworkinfrastructure.
•Figure8.1Usingalower-privilegemachinetogetatsensitiveinformation
Physicalaccesstoacorporation’ssystemscanallowanattackertoperformanumberofinterestingactivities,startingwithsimplypluggingintoanopenEthernetjack.Theadventofhandhelddeviceswiththeabilitytorunoperatingsystemswithfullnetworkingsupporthasmadethisattackscenarioevenmorefeasible.Priortohandhelddevices,theattackerwouldhavetoworkinasecludedareawithdedicatedaccesstotheEthernetforatime.Theattackerwouldsitdownwithalaptopandrunavarietyoftoolsagainstthenetwork,andworkinginternallytypicallyputtheattackerinsidethefirewallandIDS.Today’scapablemobiledevicescanassisttheseeffortsbyallowingattackerstoplacethesmalldeviceontothenetworktoactasawirelessbridge,asshowninFigure8.2.
•Figure8.2Awirelessbridgecanallowremoteaccess.
Theattackercanthenusealaptoptoattackanetworkremotelyviathebridgefromoutsidethebuilding.IfpowerisavailableneartheEthernetjack,thistypeofattackcanalsobeaccomplishedwithanoff-the-shelfaccesspoint.Theattacker’sonlychallengeisfindinganEthernetjackthat
isn’tcoveredbyfurnitureorsomeotherobstruction.Anothersimpleattackthatcanbeusedwhenanattackerhasphysical
accessiscalledabootdisk.AnymediausedtobootacomputerintoanoperatingsystemthatisnotthenativeOSonitsharddrivecouldbeclassifiedasabootdisk.Thesecanbeintheformofafloppydisk,CD,DVD,oraUSBflashdrive.BeforebootableCDsorDVDswereavailable,abootfloppywasusedtostartthesystemandpreparetheharddrivestoloadtheoperatingsystem.Abootsourcecancontainanumberofprograms,butthemosttypicaloneswouldbeNTFSDOSorafloppy-basedLinuxdistributionthatcanbeusedtoperformanumberoftasks,includingmountingtheharddrivesandperformingatleastreadoperations,alldoneviascript.Onceanattackerisabletoreadaharddrive,thepasswordfilecanbecopiedoffthemachineforofflinepassword-crackingattacks.Ifwriteaccesstothedriveisobtained,theattackercouldalterthepasswordfileorplacearemote-controlprogramtobeexecutedautomaticallyuponthenextboot,guaranteeingcontinuedaccesstothemachine.Mostnewmachinesdonotincludefloppydrives,sothisattackisrapidlybeingreplacedbythesameconceptwithaUSBdevice,CD,orDVD.ThemostobviousmitigationistotelltheBIOSnottobootfromremovablemedia,butthistoohasissues.ThebootableCD-ROMsandDVD-ROMsareactuallymoreofathreat,
becausetheyarefrequentlyusedtocarryavarietyofsoftwareforupdatesandcanutilizethemuchgreaterstoragecapacityoftheCDorDVDmedia.Thiscapacitycanstoreanentireoperatingsystemandacompletetoolsetforavarietyoftasksormalware,sowhenupdatingviaCD/DVD,precautionsmustbetakentoensuretheveracityofthemedia.Thereareoperatingsystemdistributionsspecificallydesignedtorunthe
entiremachinefromanopticaldiscwithoutusingtheharddrive.ThesearecommonlyreferredtoasLiveCDs.ALiveCDcontainsabootableversionofanentireoperatingsystem,typicallyavariantofLinux,completewithdriversformostdevices.LiveCDsgiveanattackeragreaterarrayoftoolsthancouldbeloadedontoafloppydisk,suchasscanners,sniffers,vulnerabilityexploits,forensictools,driveimagers,passwordcrackers,
andsoon.Thesesetsoftoolsaretoonumeroustolisthereandarechangingeveryday.ThebestresourceistosearchtheInternetforpopularLiveCDdistributionslikeKali/Backtrack,knoppix,andPHLAK.AsamplecollectionofLiveCDsisshowninFigure8.3.
•Figure8.3AcollectionofsampleLiveCDs
Forexample,withaLiveCDanattackerwouldlikelyhaveaccesstotheharddiskandalsotoanoperationalnetworkinterfacethatwouldallow
himtosendthedrivedataovertheInternetifproperlyconnected.ThesebootableoperatingsystemscouldalsobecustombuilttocontainanytoolthatrunsunderLinux,allowinganattackertobuildastandardbootableattackimageorastandardbootableforensicimage,orsomethingcustomizedforthetoolshelikestouse.BootableUSBflashdrivesemulatethefunctionofaCD-ROMandprovideadevicethatisbothphysicallysmallerandlogicallylarger.CheapUSBflashdrivesarenowcommonlyavailablethatprovidegreaterthan32GBofstorage,withmoreexpensiveversionsstretchingthatcapacityto64,128,andeven256GB.Electronicminiaturizationhasmadethesedevicessmallenoughtobeunnoticed;arecentversionextendsonly5mmfromtheUSBport.Madebootable,thesedevicescancontainentirespecializedoperatingsystems,andunlikeabootableCD-ROM,thesedevicescanalsobewrittento,providinganoffloadpointforcollecteddataifanattackerchoosestoleavethedeviceandreturnlater.
TryThis!CreateaBootdiskBootdisksallowyoutobootacomputertothediskratherthantheOSthatisontheharddrive.Createabootdiskforyourownpersonalcomputer.ThestepsdifferbetweendifferentOSsanddependinguponthemediathatyouwishtomakebootable.PerformalittleresearchtodeterminethecorrectprocedureforyourOSandgiveitatry.MakeabootableCD/DVDorUSBflashdrive.
ThesetypesofdeviceshavespawnedanewkindofattackinwhichaCD,DVD,orflashdriveisleftinanopportunisticplacewheremembersofatargetorganizationmaypickupandusethem.ThisCD/DVDorflashdriveistypicallyloadedwithmalwareandisreferredtoasaroadapple.Theattackreliesoncuriouspeopletoplugthedeviceintotheirworkcomputertoseewhat’sonit.Occasionallytheattackermayalsotrytotemptthepasserbywithenticingdescriptionslike“EmployeeSalaries”orevensomethingassimpleas“Confidential.”OnceauserloadstheCD/DVDorflashdrive,themalwarewillattempttoinfectthemachine.
Driveimagingistheprocessofcopyingtheentirecontentsofaharddrivetoasinglefileonadifferentmedia.Thisprocessisoftenusedbypeoplewhoperformforensicinvestigationsofcomputers.Typically,abootablemediaisusedtostartthecomputerandloadthedriveimagingsoftware.Thissoftwareisdesignedtomakeabit-by-bitcopyoftheharddriveinafileonanothermedia,usuallyanotherharddriveorCD-R/DVD-Rmedia.Driveimagingisusedininvestigationstomakeanexactcopythatcanbeobservedandtakenapart,whilekeepingtheoriginalexactlyasitwasforevidencepurposes.
ExamTip:Driveimagingisathreatbecauseallexistingaccesscontrolstodatacanbebypassedandallthedatastoredonthedrivecanbereadfromtheimage.
Fromanattacker’sperspective,driveimagingsoftwareisusefulbecauseitpullsallinformationfromacomputer’sharddrivewhilestillleavingthemachineinitsoriginalstate.Theinformationcontainseverybitofdatathatisonthecomputer:anylocallystoreddocuments,locallystorede-mails,andeveryotherpieceofinformationthattheharddrivecontains.Thisdatacouldbeveryvaluableifthemachineholdssensitiveinformationaboutthecompany.Physicalaccessisthemostcommonwayofimagingadrive,andthe
biggestbenefitfortheattackeristhatdriveimagingleavesabsolutelynotraceofthecrime.Besidesphysicallysecuringaccesstoyourcomputers,youcandoverylittletopreventdriveimaging,butyoucanminimizeitsimpact.Theuseofencryptionevenforafewimportantfilesprovidesprotection.Fullencryptionofthedriveprotectsallfilesstoredonit.Alternatively,placingfilesonacentralizedfileserverkeepsthemfrombeingimagedfromanindividualmachine,butifanattackerisabletoimagethefileserver,thedatawillbecopied.
CrossCheckForensicImagesWhentakingaforensic-basedimage,itisimportanttofollowproperforensicprocedurestoensuretheevidenceisproperlysecured.ForensicprocessesandproceduresarecoveredindetailinChapter23.
TechTip
EncryptiontoTPM-BasedKeysManycomputersnowcomewithasecuritychipthatfollowstheTrustedPlatformModulestandard.ThisTPMchipallowsforthecreationandstorageofencryptionkeys.Oneofthestrengthsassociatedwiththislevelofsecurityisthatifacopyofadrive,oreventhedriveitself,isstolen,thecontentsareunusablewithoutthekey.Havingthiskeylockedinhardwarepreventshackersfromstealingacopyofthekeyfromamemorylocation.
Adenial-of-service(DoS)attackcanalsobeperformedwithphysicalaccess.Physicalaccesstothecomputerscanbemuchmoreeffectivethananetwork-basedDoSattack.Stealingacomputer,usingabootdisktoerasealldataonthedrives,orsimplyunpluggingcomputersarealleffectiveDoSattacks.Dependingonthecompany’squalityandfrequencyofbackingupcriticalsystems,aDoSattackusingthesemethodscanhavelastingeffects.Physicalaccesscannegatealmostallthesecuritythatthenetwork
attemptstoprovide.Consideringthis,youmustdeterminethelevelofphysicalaccessthatattackersmightobtain.Ofspecialconsiderationarepersonswithauthorizedaccesstothebuildingbutwhoarenotauthorizedusersofthesystems.Janitorialpersonnelandothershaveauthorizedaccesstomanyareas,buttheydonothaveauthorizedsystemaccess.Anattackercouldposeasoneoftheseindividualsorattempttogainaccesstothefacilitiesthroughthem.
PhysicalSecuritySafeguardsWhileitisdifficult,ifnotimpossible,tomakeanorganization’scomputersystemstotallysecure,manystepscanbetakentomitigatetherisktoinformationsystemsfromaphysicalthreat.Thefollowingsectionsdiscussaccesscontrolmethodsandphysicalsecuritypoliciesandproceduresthatshouldbeimplemented.
WallsandGuardsTheprimarydefenseagainstamajorityofphysicalattacksarethebarriersbetweentheassetsandapotentialattacker—walls,fences,gates,anddoors.Someorganizationsalsoemployfull-orpart-timeprivatesecuritystafftoattempttoprotecttheirassets.Thesebarriersprovidethefoundationuponwhichallothersecurityinitiativesarebased,butthesecuritymustbedesignedcarefully,asanattackerhastofindonlyasinglegaptogainaccess.
ExamTip:Allentrypointstoserverroomsandwiringclosetsshouldbecloselycontrolled,and,ifpossible,accessshouldbeloggedthroughanaccesscontrolsystem.
Wallsmayhavebeenoneofthefirstinventionsofman.Oncehelearnedtousenaturalobstaclessuchasmountainstoseparatehimfromhisenemy,henextlearnedtobuildhisownmountainforthesamepurpose.Hadrian’sWallinEngland,theGreatWallofChina,andtheBerlinWallareallfamousexamplesofsuchbasicphysicaldefenses.Thewallsofanybuildingservethesamepurpose,butonasmallerscale:theyprovidebarrierstophysicalaccesstocompanyassets.Bollardsaresmallandroundconcretepillarsthatareconstructedandplacedaroundabuildingtoprotectitfrombeingdamagedbysomeonedrivingavehicleintothesideofthebuilding,orgettingcloseandusingacarbomb.
Toprotectthephysicalservers,youmustlookinalldirections:Doorsandwindowsshouldbesafeguardedandaminimumnumberofeachshouldbeusedinaserverroom.Lessobviousentrypointsshouldalsobeconsidered:Isadropceilingusedintheserverroom?Dotheinteriorwallsextendtotheactualroof,raisedfloors,orcrawlspaces?Accesstotheserverroomshouldbelimitedtothepeoplewhoneedaccess,nottoallemployeesoftheorganization.Ifyouaregoingtouseawalltoprotectanasset,makesurenoobviousholesappearinthatwall.
Anothermethodofpreventingsurreptitiousaccessisthroughtheuseofwindows.Manyhigh-securityareashaveasignificantnumberofwindowssothatpeople’sactivitieswithintheareacan’tbehidden.Aclosedserverroomwithnowindowsmakesforaquietplaceforsomeonetoachievephysicalaccesstoadevicewithoutworryofbeingseen.Windowsremovethisprivacyelementthatmanycriminalsdependupontoachievetheirentryandillicitactivities.Toomanywindowsmakesiteasytoshouldersurf—balanceisthekey,
FencesOutsideofthebuilding’swalls,manyorganizationsprefertohaveaperimeterfenceasaphysicalfirstlayerofdefense.Chain-link-typefencingismostcommonlyused,anditcanbeenhancedwithbarbedwire.Anti-scalefencing,whichlookslikeverytallverticalpolesplacedclosetogethertoformafence,isusedforhigh-securityimplementationsthatrequireadditionalscaleandtamperresistance.Toincreasesecurityagainstphysicalintrusion,higherfencescanbe
employed.Afencethatisthreetofourfeetinheightwilldetercasualoraccidentaltrespassers.Sixtosevenfeetwilldeterageneralintruder.Todetermoredeterminedintruders,aminimumheightofeightfeetisrecommendedwiththeadditionofbarbedwireorrazorwireontopforextremelevelsofdeterrence.
Guards
Guardsprovideanexcellentsecuritymeasure,becauseguardsareavisiblepresencewithdirectresponsibilityforsecurity.Otheremployeesexpectsecurityguardstobehaveacertainwaywithregardtosecuringthefacility.Guardstypicallymonitorentrancesandexitsandcanmaintainaccesslogsofwhohasenteredanddepartedthebuilding.Inmanyorganizations,everyonewhopassesthroughsecurityasavisitormustsignthelog,whichcanbeusefulintracingwhowasatwhatlocationandwhy.
Thebiggerchallengeassociatedwithcapturingsurveillanceactivitiesorotherattemptedbreak-ineffortsistheirclandestinenature.Theseeffortsaredesignedtobeaslowprofileandnonobviousaspossibletoincreasethechancesofsuccess.Trainingandawarenessisnecessarynotjustforsecuritypersonnelbutforallpersonnel.Ifanemployeehearsmultipleextensionsallstartringinginthemiddleofthenight,dotheyknowwhotonotify?Ifasecurityguardnotessuchactivity,howdoesthisinformationgetreportedtothecorrectteam?
Securitypersonnelarehelpfulinphysicallysecuringthemachinesonwhichinformationassetsreside,buttogetthemostbenefitfromtheirpresence,theymustbetrainedtotakeaholisticapproachtosecurity.Thevalueofdatatypicallycanbemanytimesthatofthemachinesonwhichthedataisstored.Securityguardstypicallyarenotcomputersecurityexperts,sotheyneedtobeeducatedaboutthevalueofthedataandbetrainedinnetworksecurityaswellasphysicalsecurityinvolvingusers.Theyarethecompany’seyesandearsforsuspiciousactivity,sothenetworksecuritydepartmentneedstotrainthemtonoticesuspiciousnetworkactivityaswell.Multipleextensionsringinginsequenceduringthenight,computersrebootingallatonce,orstrangepeopleparkedintheparkinglotwithlaptopcomputersareallindicatorsofanetworkattackthatmightbemissedwithoutpropertraining.Manytraditionalphysicalsecuritytoolssuchasaccesscontrolsand
CCTVcamerasystemsaretransitioningfromclosedhardwiredsystemstoEthernet-andIP-basedsystems.Thistransitionopensupthedevicestonetworkattackstraditionallyperformedoncomputers.WithphysicalsecuritysystemsbeingimplementedusingtheIPnetwork,everyonein
physicalsecuritymustbecomesmarteraboutnetworksecurity.
PhysicalAccessControlsandMonitoringPhysicalaccesscontrolmeanscontrolofdoorsandentrypoints.Thedesignandconstructionofalltypesofaccesscontrolsystems,aswellasthephysicalbarrierstowhichtheyaremostcomplementary,arefullydiscussedinothertexts.Here,weexploreafewimportantpointstohelpyousafeguardtheinformationinfrastructure,especiallywhereitmeetswiththephysicalaccesscontrolsystem.Thissectiontalksaboutphysicallocks,layeredaccesssystems,andelectronicaccesscontrolsystems.Italsodiscussesclosedcircuittelevision(CCTV)systemsandtheimplicationsofdifferentCCTVsystemtypes.
LocksLockshavebeendiscussedasaprimaryelementofsecurity.Althoughlockshavebeenusedforhundredsofyears,theirdesignhasnotchangedmuch:ametal“token”isusedtoalignpinsinamechanicaldevice.Asallmechanicaldeviceshavetolerances,itispossibletosneakthroughthesetolerancesby“picking”thelock.Mostlockscanbeeasilypickedwithsimpletools,someofwhichareshowninFigure8.4.
•Figure8.4Lockpickingtools
Aswehumansarealwaystryingtobuildabettermousetrap,high-securitylockshavebeendesignedtodefeatattacks,suchastheoneshowninFigure8.5;theselocksaremoresophisticatedthanastandardhomedeadboltsystem.Typicallyfoundincommercialapplicationsthatrequirehighsecurity,theselocksaremadetoresistpickinganddrilling,aswellasothercommonattackssuchassimplypoundingthelockthroughthedoor.Anothercommonfeatureofhigh-securitylocksiskeycontrol,whichreferstotherestrictionsplacedonmakingacopyofthekey.Formostresidentiallocks,atriptothehardwarestorewillallowyoutomakeacopyofthekey.Keycontrollocksusepatentedkeywaysthatcanonlybecopiedatalocksmith,whowillkeeprecordsonauthorizedusersofaparticularkey.
•Figure8.5Ahigh-securitylockanditskey
High-endlocksecurityismoreimportantnowthatattackssuchas“bumpkeys”arewellknownandwidelyavailable.Abumpkeyisakeycutwithallnotchestothemaximumdepth,alsoknownas“allnines.”Thiskeyusesatechniquethathasbeenaroundalongtime,buthasrecentlygainedalotofpopularity.Thekeyisinsertedintothelockandthensharplystruck,bouncingthelockpinsupabovetheshearlineandallowingthelocktoopen.High-securitylocksattempttopreventthistypeofattackthroughvariousmechanicalmeanssuchasnontraditionalpinlayout,sidebars,andevenmagnetickeys.Otherphysicallocksincludeprogrammableorcipherlocks;lockswitha
keypadthatrequireacombinationofkeystoopenthelock;andlockswithareaderthatrequireanaccesscardtoopenthelock.Thesemayhavespecialoptionssuchasahostagealarm(supportakeycombinationtotriggeranalarm).Master-keying(supportkeycombinationstochangetheaccesscodeandconfigurethefunctionsofthelock)andkey-overridefunctions(supportkeycombinationstooverridetheusualprocedures)arealsooptionsonhigh-endprogrammablelocks.
ExamTip:Layeredaccessisaformofdefenseindepth,aprinciplecomponentofanystrongsecuritysolution.
Devicelocksareusedtolockadevicetoaphysicalrestraint,preventingitsremoval.Anothermethodofsecuringlaptopsandmobiledevicesisacabletrap,whichallowsausertoaffixacablelocktoasecurestructure.
LayeredAccessLayeredaccessisanimportantconceptinsecurity.Itisoftenmentionedinconversationsaboutnetworksecurityperimeters,butinthischapteritrelatestotheconceptofphysicalsecurityperimeters.Tohelppreventanattackerfromgainingaccesstoimportantassets,theseassetsshouldbeplacedinsidemultipleperimeters.Serversshouldbeplacedinaseparatesecurearea,ideallywithaseparateauthenticationmechanism.Forexample,ifanorganizationhasanelectronicdoorcontrolsystemusingcontactlessaccesscards(suchastheexampleshowninFigure8.6)aswellasakeypad,acombinationofthecardandaseparatePINcodewouldberequiredtoopenthedoortotheserverroom.
•Figure8.6Contactlessaccesscardsactasmodernkeystoabuilding.
Accesstotheserverroomshouldbelimitedtostaffwithalegitimateneedtoworkontheservers.Tolayertheprotection,theareasurrounding
theserverroomshouldalsobelimitedtopeoplewhoneedtoworkinthatarea.
ElectronicAccessControlSystemsManyorganizationsuseelectronicaccesscontrolsystemstocontroltheopeningofdoors.Theuseofproximityreadersandcontactlessaccesscardsprovidesuserinformationtothecontrolpanel.Doorwaysareelectronicallycontrolledviaelectronicdoorstrikesandmagneticlocks.Thesedevicesrelyonanelectronicsignalfromthecontrolpaneltoreleasethemechanismthatkeepsthedoorclosed.Thesedevicesareintegratedintoanaccesscontrolsystemthatcontrolsandlogsentryintoallthedoorsconnectedtoit,typicallythroughtheuseofaccesstokens.Securityisimprovedbyhavingacentralizedsystemthatcaninstantlygrantorrefuseaccessbaseduponaccesslistsandthereadingofatokenthatisgiventotheuser.Thiskindofsystemalsologsuseraccess,providingnonrepudiationofaspecificuser’spresenceinacontrolledenvironment.Thesystemwillallowloggingofpersonnelentry,auditingofpersonnelmovements,andreal-timemonitoringoftheaccesscontrols.
ExamTip:Amantrapdoorarrangementcanpreventunauthorizedpeoplefromfollowingauthorizedusersthroughanaccess-controlleddoor,whichisalsoknownas“tailgating.”
Onecautionaboutthesekindsofsystemsisthattheyusuallyworkwithasoftwarepackagethatrunsonacomputer,andassuchthiscomputershouldnotbeattachedtothecompanynetwork.Whileattachingittothenetworkcanalloweasyadministration,thelastthingyouwantisforanattackertohavecontrolofthesystemthatallowsphysicalaccesstoyourfacility.Withthiscontrol,anattackercouldinputtheIDofabadgethatsheowns,allowingfull,legitimateaccesstoanareathesystemcontrols.Anotherproblemwithsuchasystemisthatitlogsonlythepersonwhoinitiallyusedthecardtoopenthedoor—sonologsexistfordoorsthatare
proppedopentoallowothersaccess,orofpeople“tailgating”throughadooropenedwithacard.Theimplementationofamantrapisonewaytocombattailgating.Amantrapcomprisestwodoorscloselyspacedthatrequiretheusertocardthroughoneandthentheothersequentially.Mantrapsmakeitnearlyimpossibletotrailthroughadoorwayundetected—ifyouhappentocatchthefirstdoor,youwillbetrappedinbytheseconddoor.
DoorsDoorstosecuredareasshouldhavecharacteristicstomakethemlessobvious.Theyshouldhavesimilarappearancetotheotherdoorstoavoidcatchingtheattentionofintruders.Securitydoorsshouldbeself-closingandhavenohold-openfeature.Theyshouldtriggeralarmsiftheyareforciblyopenedorhavebeenheldopenforalongperiod.
ExamTip:Afail-soft(orfail-safe)lockisunlockedinapowerinterruption.Afail-securelockislockedinapowerinterruption.
Doorsystems,likemanysystems,havetwodesignmethodologies:fail-safeorfail-secure.Whilefail-safeisacommonenoughphrasetohaveenteredthelexicon,thinkaboutwhatitreallymeans—beingsafewhenasystemfails.Inthecaseoftheseelectronicdoorsystems,fail-safemeansthatthedoorisunlockedshouldpowerfail.Tofail-securemeansthatthesystemwilllockthedoorwhenpowerislost.Thiscanalsoapplywhendoorsystemsaremanuallybypassed.Itisimportanttoknowhoweachdoorwillreacttoasystemfailure,notonlyforsecuritybutalsoforfirecodecompliance,asfail-secureisnotallowedforcertaindoorsinabuilding.
Cameras
Closedcircuittelevision(CCTV)camerasaresimilartothedoorcontrolsystems—theycanbeveryeffective,buthowtheyareimplementedisanimportantconsideration.TheuseofCCTVcamerasforsurveillancepurposesdatesbacktoatleast1961,whencameraswereinstalledintheLondonTransporttrainstation.ThedevelopmentofsmallerandmoresophisticatedcameracomponentsanddecreasingpricesforthecamerashavecausedaboonintheCCTVindustrysincethen.CCTVcamerasareusedtomonitoraworkplaceforsecuritypurposes.
Thesesystemsarecommonplaceinbanksandjewelrystores,placeswithhigh-valuemerchandisethatisattractivetothieves.Astheexpenseofthesesystemsdropped,theybecamepracticalformanymoreindustrysegments.Traditionalcamerasareanalogbasedandrequireavideomultiplexertocombineallthesignalsandmakemultipleviewsappearonamonitor.IP-basedcamerasarechangingthat,asmostofthemarestandaloneunitsviewablethroughawebbrowser,suchasthecamerashowninFigure8.7.
•Figure8.7IP-basedcamerasleverageexistingIPnetworksinsteadofneedingaproprietaryCCTVcable.
TechTip
PTZCamerasPan-tilt-zoom(PTZ)camerasarecamerasthathavethefunctionalitytoenablecameramovementinmultipleaxes,aswellastheabilitytozoominonanitem.Thesecamerasprovideadditionalcapability,especiallyinsituationswherethevideoismonitoredandthe
monitoringstationcanmaneuverthecamera.
TheseIP-basedsystemsaddusefulfunctionality,suchastheabilitytocheckonthebuildingfromtheInternet.Thisnetworkfunctionality,however,makesthecamerassubjecttonormalIP-basednetworkattacks.ADoSattacklaunchedattheCCTVsystemjustasabreak-inisoccurringisthelastthingthatanyonewouldwant(otherthanthecriminals).Forthisreason,IP-basedCCTVcamerasshouldbeplacedontheirownseparatenetworkthatcanbeaccessedonlybysecuritypersonnel.ThesamephysicalseparationappliestoanyIP-basedcamerainfrastructure.Oldertime-lapsetaperecordersareslowlybeingreplacedwithdigitalvideorecorders.Whiletheadvanceintechnologyissignificant,becarefulifandwhenthesedevicesbecomeIP-enabled,sincetheywillbecomeasecurityissue,justlikeeverythingelsethattouchesthenetwork.IfyoudependontheCCTVsystemtoprotectyourorganization’s
assets,carefullyconsidercameraplacementandthetypeofcamerasused.Differentiristypes,focallengths,andcolororinfraredcapabilitiesarealloptionsthatmakeonecamerasuperiortoanotherinaspecificlocation.
AlarmsThereareseveraltypesofalarmsystems.Localalarmsystemsringonlylocally.Acentralstationsystemisonewherealarms(andCCTV)aremonitoredbyacentralstation.Manyalarmswillhaveauxiliaryorsecondaryreportingfunctionstolocalpoliceorfiredepartments.Alarmsworkbyalertingpersonneltothetriggeringofspecificmonitoringcontrols.Typicalcontrolsincludethefollowing:
Drycontactswitchesusemetallicfoiltapeasacontactdetectortodetectwhetheradoororwindowisopened.
Electro-mechanicaldetectionsystemsdetectachangeorbreakinacircuit.Theycanbeusedasacontactdetectortodetectwhetheradoororwindowisopened.
Vibrationdetectionsystemsdetectmovementonwalls,ceiling,floors,andsoforthbyvibration.
Pressurematsdetectwhethersomeoneissteppingonthemat.
Photoelectricorphotometricdetectionsystemsemitabeamoflightandmonitorthebeamtodetectformotionandbreak-in.
Wavepatternmotiondetectorsgeneratemicrowaveorultrasonicwaveandmonitortheemittedwavestodetectformotion.
Passiveinfrareddetectionsystemsdetectchangesofheatwavesgeneratedbyanintruder.
Audiooracoustical-seismicdetectionsystemslistenforchangesinnoiselevels.
Proximitydetectorsorcapacitancedetectorsemitamagneticfieldandmonitorthefieldtodetectanyinterruption.
ConvergenceThereisatrendtoconvergeelementsofphysicalandinformationsecuritytoimproveidentificationofunauthorizedactivityonnetworks.Ifaaccesscontrolsystemisaskedtoapproveaccesstoaninsiderusinganoutsideaddress,yetthephysicalsecuritysystemidentifiesthemasbeinginthebuilding,thenananomalyexistsandshouldbeinvestigated.Thistrendiscalledconvergenceandcansignificantlyimprovedefensesagainstclonedcredentials.
PoliciesandProceduresApolicy’seffectivenessdependsonthecultureofanorganization,soallofthepoliciesmentionedhereshouldbefollowedupbyfunctionalproceduresthataredesignedtoimplementthem.Physicalsecuritypoliciesandproceduresrelatetotwodistinctareas:thosethataffectthecomputersthemselvesandthosethataffectusers.
Tomitigatetherisktocomputers,physicalsecurityneedstobeextendedtothecomputersthemselves.Tocombatthethreatofbootdisks,beginbyremovingordisablingtheabilityofasystemtoautomaticallyplayconnecteddevices,suchasUSBflashdrives.Otheractivitiesthattypicallyrequirephysicalpresenceshouldbeprotected,suchasaccesstoasystem’sBIOSatbootup.
TryThis!ExploringYourBIOSSettingsNexttimeyoubootyourPC,exploretheBIOSsettings.Usually,pressingtheF2keyimmediatelyonpower-upwillallowyoutoentertheBIOSsetupscreens.MostPCswillalsohaveabrieftimewhentheypromptfor“Setup”andgiveakeytopress,mostcommonlyF2,orF12.Exploreelementssuchasthebootorderfordevices,optionsforaddingpasswords,andotheroptions.Forsafety,donotsavechangesunlessyouareabsolutelycertainthatyouwanttomakethosechangesandareawareoftheconsequences.Topreventanattackerfromeditingthebootorder,youshouldsetBIOSpasswords.
BIOSAsafeguardthatcanbeemployedistheremovalofremovablemediadevicesfromthebootsequenceinthecomputer’sBIOS(basicinput/outputsystem).ThespecificsofthisoperationdependontheBIOSsoftwareoftheindividualmachine.ArelatedstepthatmustbetakenistosetaBIOSpassword.NearlyallBIOSsoftwarewillsupportpasswordprotectionthatallowsyoutobootthemachinebutrequiresapasswordtoeditanyBIOSsettings.WhiledisablingtheopticaldriveandsettingaBIOSpasswordarebothgoodmeasures,donotdependonthisstrategyexclusivelybecause,insomecases,BIOSmanufacturerswillhaveadefaultBIOSpasswordthatstillworks.
DependinguponBIOSpasswordsisalsonotaguaranteedsecuritymeasure.Formanymachines,
itistrivialtoremoveandthenreplacetheBIOSbattery,whichwillresettheBIOStothe“nopassword”ordefaultpasswordstate.
UEFIUnifiedExtensibleFirmwareInterface(UEFI)isastandardfirmwareinterfaceforPCs,designedtoreplaceBIOS.SupportedbyMacOSX,Linux(laterversions),andWindows8andbeyond,UEFIofferssomesignificantsecurityadvantages.UEFIhasafunctionalityknownassecureboot,whichallowsonlydigitallysigneddriversandOSloaderstobeusedduringthebootprocess,preventingbootkitattacks.AsUEFIisreplacingBIOS,andhasadditionalcharacteristics,itisimportanttokeeppoliciesandprocedurescurrentwiththeadvancementoftechnology.
ExamTip:USBdevicescanbeusedtoinjectmaliciouscodeontoanymachinetowhichtheyareattached.Theycanbeusedtotransportmaliciouscodefrommachinetomachinewithoutusingthenetwork.
USBUSBportshavegreatlyexpandedusers’abilitytoconnectdevicestotheircomputers.USBportsautomaticallyrecognizeadevicebeingpluggedintothesystemandusuallyworkwithouttheuserneedingtoadddriversorconfiguresoftware.ThishasspawnedalegionofUSBdevices,fromMP3playerstoCDburners.Themostinterestingofthese,forsecuritypurposes,aretheUSBflash
memory–basedstoragedevices.USBdrivekeys,whicharebasicallyflashmemorywithaUSBinterfaceinadevicetypicallyaboutthesizeofyourthumb,provideawaytomovefileseasilyfromcomputertocomputer.WhenpluggedintoaUSBport,thesedevicesautomountandbehavelikeanyotherdriveattachedtothecomputer.Theirsmallsizeandrelativelylargecapacity,coupledwithinstantread-writeability,presentsecurity
problems.Theycaneasilybeusedbyanindividualwithmaliciousintenttoconcealtheremovaloffilesordatafromthebuildingortobringmaliciousfilesintothebuildingandontothecompanynetwork.
Laptopsandtabletsarepopulartargetsforthievesandshouldbelockedinsideadeskwhennotinuse,orsecuredwithspecialcomputerlockdowncables.Ifdesktoptowersareused,usecomputerdesksthatprovideaspaceinwhichtolockthecomputer.Allofthesemeasurescanimprovethephysicalsecurityofthecomputersthemselves,butmostofthemcanbedefeatedbyattackersifusersarenotknowledgeableaboutthesecurityprogramanddonotfollowit.
Inaddition,well-intentioneduserscouldaccidentallyintroducemaliciouscodefromUSBdevicesbyusingthemonaninfectedhomemachineandthenbringingtheinfecteddevicetotheoffice,allowingthemalwaretobypassperimeterprotectionsandpossiblyinfecttheorganization.IfUSBdevicesareallowed,aggressivevirusscanningshouldbeimplementedthroughouttheorganization.ThedevicescanbedisallowedviaActiveDirectorypolicysettingsorwithaWindowsRegistrykeyentry.USBcanalsobecompletelydisabled,eitherthroughBIOSsettingsorbyunloadinganddisablingtheUSBdriversfromusers’machines,eitherofwhichwillstopallUSBdevicesfromworking—however,doingthiscancreatemoretroubleifusershaveUSBkeyboardsandmice.TherearetwocommonwaystodisableUSBsupportinaWindowssystem.Onoldersystems,editingtheRegistrykeyisprobablythemosteffectivesolutionforuserswhoarenotauthorizedtousethesedevices.Onnewersystems,thebestwayisthroughGroupPolicyinadomainorthroughtheLocalSecurityPolicyMMConastand-alonebox.
AutoplayAnotherbootdevicetoconsideristheCD/DVDdrive.Thisdevicecanprobablyalsoberemovedfromordisabledonanumberofmachines.ADVDnotonlycanbeusedasabootdevice,butalsocanbeexploitedvia
theautoplayfeaturethatsomeoperatingsystemssupport.Autoplaywasdesignedasaconvenienceforusers,sothatwhenaCD/DVDorUSBcontaininganapplicationisinserted,thecomputerinstantlypromptsforinputversusrequiringtheusertoexplorethedevicefilesystemandfindtheexecutablefile.Unfortunately,sincetheautoplayfunctionalityrunsanexecutable,itcanbeprogrammedtodoanythinganattackerwants.Ifanautoplayexecutableismalicious,itcouldallowanattackertogainremotecontrolofthemachine.Figure8.8illustratesanautoplaymessagepromptinWindows,givingauseratleastminimalcontroloverwhethertorunanitemornot.
•Figure8.8AutoplayonaWindowssystem
Sincetheopticaldrivecanbeusedasabootdevice,aDVDloadedwith
itsownoperatingsystem(calledaLiveCD,introducedearlierinthechapter)couldbeusedtobootthecomputerwithmalicioussystemcode(seeFigure8.9).Thisseparateoperatingsystemwillbypassanypasswordsonthehostmachineandcanaccesslocallystoredfiles.
•Figure8.9ALiveCDbootsitsownOSandbypassesanybuilt-insecurityofthenativeoperatingsystem.
TechTip
DisablingtheAutoplayFeatureinWindowsDisablingtheautoplayfeatureisaneasytaskusingLocalGroupPolicyEditorinWindows.SimplylaunchtheLocalGroupPolicyEditor(gpedit.msc)andnavigatetothislocation:
ComputerConfiguration>AdministrativeTemplates>WindowsComponents>AutoPlayPolicies
DeviceTheftTheoutrighttheftofacomputerisasimplephysicalattack.Thisattackcanbemitigatedinanumberofways,butthemosteffectivemethodistolockupequipmentthatcontainsimportantdata.Insurancecancoverthelossofthephysicalequipment,butthiscandolittletogetabusinessupandrunningagainquicklyafteratheft.Therefore,implementingspecialaccesscontrolsforserverroomsandsimplylockingtherackcabinetswhenmaintenanceisnotbeingperformedaregoodwaystosecureanarea.Fromadatastandpoint,mission-criticalorhigh-valueinformationshouldbestoredonaserveronly.Thiscanmitigatetheriskofadesktoporlaptopbeingstolenforthedataitcontains.Lossoflaptopshasbeenacommoncauseofinformationbreaches.
Mobiledevicetheftsfromcarsandotherlocationscanoccurinseconds.Thieveshavebeencaughttakingmobiledevicesfromsecurityscreeningareasatairportswhiletheownerwasdistractedinscreening.Snatchandgrabattacksoccurinrestaurants,bars,andcafes.Tabletsandsmartphoneshavesignificantvalueandphysicalprecautionsshouldbetakenatalltimes.
CrossCheckMobileDeviceSecurityMobiledevicesecurityiscoveredindepthinChapter14.Foramoredetailedanalysisofsafeguardsuniquetomobiledevices,pleaserefertothatsectionofthetext.
Userscanperformoneofthemostsimple,yetimportant,informationsecuritytasks:lockaworkstationimmediatelybeforetheystepawayfromit.
Althoughuseofaself-lockingscreensaverisagoodpolicy,settingittolockatanypointlessthan10to15minutesafterbecomingidleisoftenconsideredanuisanceandcounterproductivetoactiveuseofthecomputeronthejobasthecomputerwilloftenlockwhiletheemployeeisstillactivelyusingthecomputer.Thus,computerstypicallysitidleforatleast15minutesbeforeautomaticallylockingunderthistypeofpolicy.Usersshouldmanuallylocktheirworkstations,asanattackeronlyneedstobeluckyenoughtocatchamachinethathasbeenleftalonefor5minutes.
BTUstandsforBritishThermalUnit;asingleBTUisdefinedastheamountofenergyrequiredtoraisethetemperatureofonepoundofliquidwateronedegreeFahrenheit.
EnvironmentalControlsWhiletheconfidentialityofinformationisimportant,soisitsavailability.Sophisticatedenvironmentalcontrolsareneededforcurrentdatacenters.Serverscangeneratelargelevelsofheat,andmanagingtheheatisthejoboftheenvironmentalcontrol.Controllingadatacenter’stemperatureandhumidityisimportantto
keepingserversrunning.Heatingventilatingandairconditioning(HVAC)systemsarecriticalforkeepingdatacenterscool,becausetypicalserversputoutbetween1000and2000BTUsofheat.Thetemperatureofadatacentershouldbemaintainedbetween70and74degreesFahrenheit(°F).Ifthetemperatureistoolow,itmaycausemechanismstoslowdown.Ifthetemperatureistoohigh,itmaycauseequipmentdamage.Thetemperature-damagingpointsofdifferentproductsareasfollows:
Magneticmedia:100°F
Computerhardware:175°F
Paperproducts:350°F
Itshouldbenotedthatthesearetemperaturesofthematerials;thesurroundingairisfrequentlycooler.Temperaturemeasurementsshouldbeobtainedonequipmentitselftoensureappropriateprotection.Multipleserversinaconfinedareacancreateconditionstoohotforthe
machinestocontinuetooperate.Thisproblemismadeworsewiththeadventofblade-stylecomputingsystemsandwithmanyotherdevicesshrinkinginsize.Whilephysicallysmaller,theytendtostillexpelthesameamountofheat.Thisisknownasincreaseddatacenterdensity—moreserversanddevicesperrack,puttingagreaterloadonthecoolingsystems.Thisencouragestheuseofahotaisle/coldaislelayout.Adatacenterthatisarrangedintohotandcoldaislesdictatesthatalltheintakefansonallequipmentfacethecoldaisle,andtheexhaustfansallfacetheoppositeaisle.TheHVACsystemisthendesignedtopushcoolairunderneaththeraisedfloorandupthroughperforatedtilesonthecoldaisle.HotairfromthehotaisleiscapturedbyreturnairductsfortheHVACsystem.Theuseofthislayoutisdesignedtocontrolairflow,withthepurposebeingnevertomixthehotandcoldair.Thisrequirestheuseofblockingplatesandsideplatestocloseopenrackslots.Thebenefitsofthisarrangementarethatcoolingismoreefficientandcanhandlehigherdensity.ThefailureofHVACsystemsforanyreasoniscauseforconcern.RisingcopperpriceshavemadeHVACsystemsthetargetsforthieves,andgeneralvandalismcanresultincostlydowntime.ProperlysecuringthesesystemsisimportantinhelpingpreventanattackerfromperformingaphysicalDoSattackonyourservers.
FireSuppressionAccordingtotheFireSuppressionSystemsAssociation(www.fssa.net),43percentofbusinessesthatcloseasaresultofasignificantfireneverreopen.Anadditional29percentfailwithinthreeyearsoftheevent.Theabilitytorespondtoafirequicklyandeffectivelyisthuscriticaltothelong-termsuccessofanyorganization.Addressingpotentialfirehazardsandvulnerabilitieshaslongbeenaconcernoforganizationsintheirrisk
analysisprocess.Thegoalobviouslyshouldbenevertohaveafire,butintheeventthatonedoesoccur,itisimportantthatmechanismsareinplacetolimitthedamagethefirecancause.
TechTip
EnvironmentandFiresWhileitmayatfirstseemtothesecurityprofessionalthatenvironmentalcontrolsandnaturaldisasterssuchasfiresdon’thaveanythingtodowithcomputersecurity,thinkofitintermsofavailability.Ifthegoaloftheattackerisnotinformationbutrathertodenyanorganizationtheuseofitsresources,environmentalfactors,anddisasterssuchasfires,canbeusedtodenythetargettheuseofitsowncomputingresources.This,then,becomesasecurityissueaswellasanoperationalissue.
Water-BasedFireSuppressionSystemsWater-basedfiresuppressionsystemshavelongbeen,andstillaretoday,theprimarytooltoaddressandcontrolstructuralfires.Consideringtheamountofelectricalequipmentfoundintoday’sofficeenvironmentandthefactthat,forobviousreasons,thisequipmentdoesnotreactwelltolargeapplicationsofwater,itisimportanttoknowwhattodowithequipmentifitdoesbecomesubjectedtoawater-basedsprinklersystem.TheNationalFireProtectionAssociation’s2013NFPA75:StandardfortheProtectionofInformationTechnologyEquipmentoutlinesmeasuresthatcanbetakentominimizethedamagetoelectronicequipmentexposedtowater.Thisguidanceincludesthesesuggestions:
Opencabinetdoors,removesidepanelsandcovers,andpulloutchassisdrawerstoallowwatertorunoutofequipment.
Setupfanstomoveroom-temperatureairthroughtheequipmentforgeneraldrying.Moveportableequipmenttodryair-conditionedareas.
Usecompressedairatnohigherthan50psitoblowouttrappedwater.
Usehandhelddryersonlowestsettingtodryconnectors,backplanewirewraps,andprintedcircuitcards.
Usecotton-tippedswabsforhard-to-reachplaces.Lightlydabthesurfacestoremoveresidualmoisture.
Keepthedryerswellawayfromcomponentsandwires.Overheatingofelectricalcomponentscancausepermanentdamage.
Eveniftheseguidelinesarefollowed,damagetothesystemsmayhavealreadyoccurred.Sincewaterissodestructivetoelectronicequipment,notonlybecauseoftheimmediateproblemsofelectronicshortstothesystembutalsobecauseoflonger-termcorrosivedamagewatercancause,alternativefiresuppressionmethodshavebeensought.
Halon-BasedFireSuppressionSystemsAfireneedsfuel,oxygen,andhightemperaturesforthechemicalcombustiontooccur.Ifyouremoveanyofthese,thefirewillnotcontinue.Haloninterfereswiththechemicalcombustionpresentinafire.Eventhoughhalonproductionwasbannedin1994,anumberofthesesystemsstillexisttoday.Theywereoriginallypopularbecausehalonwillmixquicklywiththeairinaroomandwillnotcauseharmtocomputersystems.Halonis,however,dangeroustohumans,especiallywhensubjectedtoextremelyhottemperatures(suchasmightbefoundduringafire),whenitcandegradeintoothertoxicchemicals.Asaresultofthesedangers,andalsobecausehalonhasbeenlinkedwiththeissueofozonedepletion,halonisbannedinnewfiresuppressionsystems.ItisimportanttonotethatundertheEnvironmentalProtectionAgency(EPA)rulesthatmandatednofurtherproductionofhalon,existingsystemswerenotrequiredtobedestroyed.Replacingthehaloninadischargedsystem,
however,willbeaproblem,sinceonlyexistingstockpilesofhalonmaybeusedandthecostisbecomingprohibitive.Forthisreason,manyorganizationsareswitchingtoalternativesolutions.
TechTip
DrillsIntheeventofanemergency,peoplewillbechallengedtoperformcorrectactionswhenstressedbytheemergency.Theuseofdrills,plans,andtestingwillensurethatescapeplansandescaperoutesareknownandeffectiveandthatpeoplearefamiliarwiththeiruse.Thetimetopracticeisbeforetheproblem,andrepeatingpracticeovertimebuildsconfidenceandstrengthensfamiliarity.
Clean-AgentFireSuppressionSystemsThesealternativesareknownasclean-agentfiresuppressionsystems,sincetheynotonlyprovidefiresuppressioncapabilitiesbutalsoprotectthecontentsoftheroom,includingpeople,documents,andelectronicequipment.Examplesofcleanagentsincludecarbondioxide,argon,Inergen,andFM-200(heptafluoropropane).Carbondioxide(CO2)hasbeenusedasafiresuppressionagentforalongtime.TheBellTelephoneCompanyusedportableCO2extinguishersintheearlypartofthe20thcentury.Carbondioxideextinguishersattackallthreenecessaryelementsforafiretooccur.CO2displacesoxygensothattheamountofoxygenremainingisinsufficienttosustainthefire.Italsoprovidessomecoolinginthefirezoneandreducestheconcentrationof“gasified”fuel.Argonextinguishesfirebyloweringtheoxygenconcentrationbelowthe15percentlevelrequiredforcombustibleitemstoburn.Argonsystemsaredesignedtoreducetheoxygencontenttoabout12.5percent,whichisbelowthe15percentneededforthefirebutisstillabovethe10percentrequiredbytheEPAforhumansafety.Inergen,aproductofAnsulCorporation,iscomposedofthreegases:52percentnitrogen,40percent
argon,and8percentcarbondioxide.Inamannersimilartopureargonsystems,Inergensystemsreducethelevelofoxygentoabout12.5percent,whichissufficientforhumansafetybutnotsufficienttosustainafire.Anotherchemicalusedinthephase-outofhalonisFE-13,ortrifluoromethane.Thischemicalwasoriginallydevelopedasachemicalrefrigerantandworkstosuppressfiresbyinhibitingthecombustionchainreaction.FE-13isgaseous,leavesbehindnoresiduethatwouldharmequipment,andisconsideredsafetouseinoccupiedareas.Otherhalocarbonsarealsoapprovedforuseinreplacinghalonsystems,includingFM-200(heptafluoropropane),achemicalusedasapropellantforasthmamedicationdispensers.
HandheldFireExtinguishersAutomaticfiresuppressionsystemsdesignedtodischargewhenafireisdetectedarenottheonlysystemsyoushouldbeawareof.Ifafirecanbecaughtandcontainedbeforetheautomaticsystemsdischarge,itcanmeansignificantsavingstotheorganizationintermsofbothtimeandequipmentcosts(includingtherechargingoftheautomaticsystem).Handheldextinguishersarecommoninoffices,butthecorrectuseofthemmustbeunderstoodordisastercanoccur.Therearefourdifferenttypesoffire,asshowninTable8.1.Eachtypeoffirehasitsownfuelsourceandmethodforextinguishingit.TypeAsystems,forexample,aredesignedtoextinguishfireswithnormalcombustiblematerialasthefire’ssource.Watercanbeusedinanextinguisherofthissort,sinceitiseffectiveagainstfiresofthistype.Water,aswe’vediscussed,isnotappropriateforfiresinvolvingwiringorelectricalequipment.UsingatypeAextinguisheragainstanelectricalfirewillnotonlybeineffectivebutcanresultinadditionaldamage.Someextinguishersaredesignedtobeeffectiveagainstmorethanonetypeoffire,suchasthecommonABCfireextinguishers.Thisisprobablythebesttypeofsystemtohaveinadataprocessingfacility.Allfireextinguishersshouldbeeasilyaccessibleandshouldbeclearlymarked.Beforeanybodyusesanextinguisher,theyshouldknow
whattypeofextinguisheritisandwhatthesourceofthefireis.Whenindoubt,evacuateandletthefiredepartmenthandlethesituation.
Table8.1 TypesofFireandSuppressionMethods
ExamTip:Thetypeoffiredistinguishesthetypeofextinguisherthatshouldbeusedtosuppressit.RememberthatthemostcommontypeistheABCfireextinguisher,whichisdesignedtohandlealltypesoffiresexceptflammable-metalfires,whicharerare.
TryThis!HandheldFireExtinguishersComputersecurityprofessionalstypicallydonothavemuchinfluenceoverthetypeoffiresuppressionsystemthattheirofficeincludes.Itis,however,importantthattheyareawareofwhattypehasbeeninstalled,whattheyshoulddoincaseofanemergency,andwhatneedstobedonetorecoverafterthereleaseofthesystem.Oneareathattheycaninfluence,however,isthetypeofhandheldfireextinguisherthatislocatedintheirarea.Checkyourfacilitytoseewhattypeoffiresuppressionsystemisinstalled.Alsochecktoseewherethefireextinguishersareinyourofficeandwhattypeoffirestheyaredesignedtohandle.
FireDetectionDevicesAnessentialcomplementtofiresuppressionsystemsanddevicesarefiredetectiondevices(firedetectors).Detectorsmaybeabletodetectafireinitsveryearlystages,beforeafiresuppressionsystemisactivated,andsoundawarningthatpotentiallyenablesemployeestoaddressthefirebeforeitbecomesseriousenoughforthefiresuppressionequipmenttokickin.Thereareseveraldifferenttypesoffiredetectors.Onetype,ofwhich
therearetwovarieties,isactivatedbysmoke.Thetwovarietiesofsmokedetectorareionizationandphotoelectric.Aphotoelectricdetectorisgoodforpotentiallyprovidingadvancewarningofasmolderingfire.Thistypeofdevicemonitorsaninternalbeamoflight.Ifsomethingdegradesthelight,forexamplebyobstructingit,thedetectorassumesitissomethinglikesmokeandthealarmsounds.Anionizationstyleofdetectorusesanionizationchamberandasmallradioactivesourcetodetectfast-burningfires.ShowninFigure8.10,thechamberconsistsoftwoplates,onewithapositivechargeandonewithanegativecharge.Oxygenandnitrogenparticlesintheairbecome“ionized”(anionisfreedfromthemolecule).Thefreedion,whichhasanegativecharge,isattractedtothepositiveplate,andtheremainingpartofthemolecule,nowwithapositivecharge,isattractedtothenegativeplate.Thismovementofparticlescreatesaverysmallelectriccurrentthatthedevicemeasures.Smokeinhibitsthisprocess,andthedetectorwilldetecttheresultingdropincurrentandsoundanalarm.Bothofthesedevicesareoftenreferredtogenericallyassmokedetectors,andcombinationsofbothvarietiesarepossible.Formoreinformationonsmokedetectors,seehttp://home.howstuffworks.com/home-improvement/household-safety/fire/smoke2.htm.
•Figure8.10Anionizationchamberforanionizationtypeofsmokedetector
TechTip
TestingControlsBecauseoftheimportanceoftheirprotection,safetycontrolsshouldbeperiodicallytestedforproperoperationandalerting.Thisshouldbeasystem-level,notdevice-level,testtoensuretheentirecontrolsystemperformsintheintendedmanner.
Anothertypeoffiredetectorisactivatedbyheat.Thesedevicesalsocomeintwovarieties.Fixed-temperatureorfixed-pointdevicesactivateifthetemperatureintheareaeverexceedssomepredefinedlevel.Rate-of-riseorrate-of-increasetemperaturedevicesactivatewhenthereisasuddenincreaseinlocaltemperaturethatmayindicatethebeginningstagesofafire.Rate-of-risesensorscanprovideanearlierwarningbutarealsoresponsibleformorefalsewarnings.Athirdtypeofdetectorisflameactivated.Thistypeofdevicerelieson
theflamesfromthefiretoprovideachangeintheinfraredenergythatcan
bedetected.Flame-activateddevicesaregenerallymoreexpensivethantheothertwotypesbutcanfrequentlydetectafiresooner.
PowerProtectionComputersystemsrequirecleanelectricalpower,andforcriticalsystems,uninterruptedpowercanbeimportantaswell.Thereareseveralelementsusedtomanagethepowertosystems,includinguninterruptiblepowersuppliesandbackuppowersystems.
TechTip
UPSAttributesUPSsystemshaveseveralattributestoconsider:
Theelectricalloadtheycansupport(measuredinkVA)
ThelengthoftimetheycansupporttheloadThespeedofprovidingpowerwhenthereisapowerfailure
Thephysicalspacetheyoccupy
UPSAnuninterruptiblepowersupply(UPS)isusedtoprotectagainstshort-durationpowerfailures.TherearetwotypesofUPS,onlineandstandby.AnonlineUPSisincontinuoususebecausetheprimarypowersourcegoesthroughittotheequipment.ItusesAClinevoltagetochargeabankofbatteries.Whentheprimarypowersourcefails,aninverterintheUPSwillchangeDCofthebatteriesintoAC.AstandbyUPShassensorstodetectpowerfailures.Ifthereisapowerfailure,theloadwillbeswitchedtotheUPS.Itstaysinactivebeforeapowerfailure,andtakesmoretimethananonlineUPStoprovidepowerwhentheprimarysourcefails.
BackupPowerandCableShieldingBackuppowersources,suchasamotorgenerator,anotherelectricalsubstation,andsoon,areusedtoprotectagainstalong-durationpowerfailure.Avoltageregulatorandlineconditionerareusedtoprotectagainstunstablepowersupplyandspikes.Propergroundingisessentialforallelectricaldevicestoprotectagainstshortcircuitsandstaticelectricity.Inmoresensitiveareas,cableshieldingcanbeemployedtoavoid
interference.Powerlinemonitoringcanbeusedtodetectchangesinfrequencyandvoltageamplitude,warningofbrownoutsorspikes.Anemergencypoweroff(EPO)switchcanbeinstalledtoallowforthequickshutdownofpowerwhenrequired.Topreventelectromagneticinterferenceandvoltagespikes,electricalcablesshouldbeplacedawayfrompowerfulelectricalmotorsandlighting.Anothersourceofpower-inducedinterferencecanbefluorescentlighting,whichcancauseradiofrequencyinterference.
ElectromagneticInterferenceElectromagneticinterference,orEMI,canplagueanytypeofelectronics,butthedensityofcircuitryinthetypicaldatacentercanmakeitahavenforEMI.EMIisdefinedasthedisturbanceonanelectricalcircuitcausedbythatcircuit’sreceptionofelectromagneticradiation.Magneticradiationentersthecircuitbyinduction,wheremagneticwavescreateachargeonthecircuit.Theamountofsensitivitytothismagneticfielddependsonanumberoffactors,includingthelengthofthecircuit,whichcanactlikeanantenna.EMIisgroupedintotwogeneraltypes:narrowbandandbroadband.NarrowbandEMIis,byitsnature,electromagneticenergywithasmallfrequencybandand,therefore,typicallysourcedfromadevicethatispurposefullytransmittinginthespecifiedband.BroadbandEMIcoversawiderarrayoffrequenciesandistypicallycausedbysometypeofgeneralelectricalpowerusesuchaspowerlinesorelectricmotors.IntheUnitedStates,theFederalCommunicationsCommissionhas
responsibilityforregulatingproductsthatproduceEMIandhasdevelopedaprogramforequipmentmanufacturerstoadheretostandardsforEMIimmunity.ModerncircuitryisdesignedtoresistEMI.Cablingisagoodexample;thetwistinunshieldedtwistedpair,orCategory6/6a,cableistheretoreduceEMI.EMIisalsocontrolledbymetalcomputercasesthataregrounded;byprovidinganeasypathtoground,thecaseactsasanEMIshield.AbiggerexamplewouldbeaFaradaycageorFaradayshield,whichisanenclosureofconductivematerialthatisgrounded.Thesecanberoomsizedorbuiltintoabuilding’sconstruction;thecriticalelementisthatthereisnosignificantgapintheenclosurematerial.ThesemeasurescanhelpshieldEMI,especiallyinhighradiofrequencyenvironments.WhilewehavetalkedabouttheshieldingnecessarytokeepEMI
radiationoutofyourcircuitry,thereisalsotechnologytotryandhelpkeepitin.KnownbysomeasTEMPEST,itisalsoknownasVanEckemissions.Acomputer’smonitororLCDdisplayproduceselectromagneticradiationthatcanberemotelyobservedwiththecorrectequipment.TEMPESTwasthecodewordforanNSAprogramtosecureequipmentfromthistypeofeavesdropping.WhilesomeoftheinformationaboutTEMPESTisstillclassified,thereareguidesontheInternetthatdescribeprotectivemeasures,suchasshieldingandelectromagnetic-resistantenclosures.Acompanyhasevendevelopedacommercialpaintthatoffersradiofrequencyshielding.
TechTip
MasterKeysMechanicalkeyingsystemswithindustrial-gradelockshaveprovisionsformultiplemasterkeys.Thisallowsindividualmasterkeystobedesignatedbyfloor,bydepartment,bythewholebuilding,andsoforth.Thisprovidestremendousflexibility,althoughifamasterkeyislost,significantrekeyingwillberequired.
ElectronicAccessControlSystemsAccesstokensaredefinedas“somethingyouhave.”Anaccesstokenisaphysicalobjectthatidentifiesspecificaccessrights.Accesstokensarefrequentlyusedforphysicalaccesssolutions,justasyourhousekeyisabasicphysicalaccesstokenthatallowsyouaccessintoyourhome.Althoughkeyshavebeenusedtounlockdevicesforcenturies,theydohaveseverallimitations.Keysarepairedexclusivelywithalockorasetoflocks,andtheyarenoteasilychanged.Itiseasytoaddanauthorizeduserbygivingtheuseracopyofthekey,butitisfarmoredifficulttogivethatuserselectiveaccessunlessthatspecifiedareaisalreadysetupasaseparatekey.Itisalsodifficulttotakeaccessawayfromasinglekeyorkeyholder,whichusuallyrequiresarekeyofthewholesystem.Inmanybusinesses,physicalaccessauthenticationhasmovedto
contactlessradiofrequencycardsandproximityreaders.Whenpassednearacardreader,thecardsendsoutacodeusingradiowaves.Thereaderpicksupthiscodeandtransmitsittothecontrolpanel.Thecontrolpanelchecksthecodeagainstthereaderfromwhichitisbeingreadandthetypeofaccessthecardhasinitsdatabase.Oneoftheadvantagesofthiskindoftoken-basedsystemisthatanycardcanbedeletedfromthesystemwithoutaffectinganyothercardortherestofthesystem.TheRFID-basedcontactlessentrycardshowninFigure8.11isacommonformofthistokendeviceemployedfordoorcontrolsandisfrequentlyputbehindanemployeebadge.Inaddition,alldoorsconnectedtothesystemcanbesegmentedinanyformorfashiontocreatemultipleaccessareas,withdifferentpermissionsforeachone.Thetokensthemselvescanalsobegroupedinmultiplewaystoprovidedifferentaccesslevelstodifferentgroupsofpeople.Alloftheaccesslevelsorsegmentationofdoorscanbemodifiedquicklyandeasilyifbuildingspaceisretasked.Newertechnologiesareaddingcapabilitiestothestandardtoken-basedsystems.
•Figure8.11Smartcardshaveaninternalchipaswellasmultipleexternalcontactsforinterfacingwithasmartcardreader.
Theadventofsmartcards(cardsthatcontainintegratedcircuitscapableofgeneratingandstoringcryptographickeys)hasenabledcryptographictypesofauthentication.Smartcardtechnologyhasprovenreliableenoughthatitisnowpartofagovernmentalstandardforphysicalandlogicalauthentication.KnownasPersonalIdentityVerification,orPIV,cards,theyadheretotheFIPS201standard.Thissmartcardincludesacryptographicchipandconnector,aswellasacontactlessproximitycardcircuit.Italsohasstandardsforaprintedphotoandnameprintingonthefront.Biometricdatacanbestoredonthecard,providinganadditionalauthenticationfactor,andifthePIVstandardisfollowed,severalformsof
identificationareneededtogetacard.
TechTip
PersonnelIDBadgesHavingpersonnelwearavisibleIDbadgewiththeirpictureisacommonformofphysicalsecurity.Ifeveryoneissupposedtowearabadgevisibly,thenanyonewhoseessomeonewithoutabadgecanaskthemwhotheyare,andwhytheyarethere.Thisgreatlyincreasesthenumberofeyeswatchingforintrudersinlarge,publiclyaccessiblefacilities.
Theprimarydrawbackoftoken-basedauthenticationisthatonlythetokenisbeingauthenticated.Therefore,thetheftofthetokencouldgrantanyonewhopossessedthetokenaccesstowhatthesystemprotects.Theriskoftheftofthetokencanbeoffsetbytheuseofmultiple-factorauthentication.Oneofthewaysthatpeoplehavetriedtoachievemultiple-factorauthenticationistoaddabiometricfactortothesystem.
AccessTokensElectronicaccesscontrolsystemswerespawnedfromtheneedtohavemoreloggingandcontrolthanprovidedbytheoldermethodofmetallickeys.Mostelectronicsystemscurrentlyuseatoken-basedcardthatifpassednearareaderwillunlockthedoorstrikeandletyoupassintothearea(assumingyouhavepermissionfromthesystem).Newertechnologyattemptstomaketheauthenticationprocesseasierandmoresecure.Thefollowingsectionsdiscusshowtokensandbiometricsarebeing
usedforauthentication.Italsolooksintohowmultiple-factorauthenticationcanbeusedforphysicalaccess.
BiometricsBiometricsusethemeasurementsofcertainbiologicalfactorstoidentifyonespecificpersonfromothers.Thesefactorsarebasedonpartsofthe
humanbodythatareunique.Themostwellknownoftheseuniquebiologicalfactorsisthefingerprint.Fingerprintreadershavebeenavailableforseveralyearsinlaptops.Thesecomeinavarietyofformfactors,suchastheexampleshowninFigure8.12,andasstandaloneUSBdevices.
•Figure8.12Newerlaptopcomputersoftenincludeafingerprintreader.
However,manyotherbiologicalfactorscanbeused,suchastheretinaoririsoftheeye,thegeometryofthehand,andthegeometryoftheface.Whentheseareusedforauthentication,thereisatwo-partprocess:enrollmentandthenauthentication.Duringenrollment,acomputertakestheimageofthebiologicalfactorandreducesittoanumericvalue.Whentheuserattemptstoauthenticate,theirfeatureisscannedbythereader,andthecomputercomparesthenumericvaluebeingreadtotheonestoredinthedatabase.Iftheymatch,accessisallowed.Sincethesephysicalfactorsareunique,theoreticallyonlytheactualauthorizedpersonwouldbe
allowedaccess.Intherealworld,however,thetheorybehindbiometricsbreaksdown.
Tokensthathaveadigitalcodeworkverywellbecauseeverythingremainsinthedigitalrealm.Acomputerchecksyourcode,suchas123,againstthedatabase;ifthecomputerfinds123andthatnumberhasaccess,thecomputeropensthedoor.Biometrics,however,takeananalogsignal,suchasafingerprintoraface,andattempttodigitizeit,anditisthenmatchedagainstthedigitsinthedatabase.Theproblemwithananalogsignalisthatitmightnotencodetheexactsamewaytwice.Forexample,ifyoucametoworkwithabandageonyourchin,wouldtheface-basedbiometricsgrantyouaccessordenyit?Engineerswhodesignedthesesystemsunderstoodthatifasystemwas
settoexactchecking,anencodedbiometricmightnevergrantaccesssinceitmightneverscanthebiometricexactlythesamewaytwice.Therefore,mostsystemshavetriedtoallowacertainamountoferrorinthescan,whilenotallowingtoomuch.Thisleadstotheconceptsoffalsepositivesandfalsenegatives.Afalsepositiveoccurswhenabiometricisscannedandallowsaccesstosomeonewhoisnotauthorized—forexample,twopeoplewhohaveverysimilarfingerprintsmightberecognizedasthesamepersonbythecomputer,whichgrantsaccesstothewrongperson.Afalsenegativeoccurswhenthesystemdeniesaccesstosomeonewhoisactuallyauthorized—forexample,auseratthehandgeometryscannerforgottoweararingheusuallywearsandthecomputerdoesn’trecognizehishandanddenieshimaccess.Forbiometricauthenticationtoworkproperly,andalsobetrusted,itmustminimizetheexistenceofbothfalsepositivesandfalsenegatives.Todothat,abalancebetweenexactinganderrormustbecreatedsothatthemachinesallowalittlephysicalvariance—butnottoomuch.
FalsePositivesandFalseNegativesWhenadecisionismadeoninformationandanassociatedrangeofprobabilities,theconditionsexistforafalsedecision.Figure8.13illustratestwooverlappingprobabilities;anitembelongstoeithertheredcurveorthebluecurve,butnotboth.The
problemindecidingwhichcurveanitembelongstooccurswhenthecurvesoverlap.
•Figure8.13Overlappingprobabilities
Whenthereisanoverlappingarea,itistypicallyreferredtoasthefalsepositiveandfalsenegativerate.Notethatintheaccompanyingfigures,thesizeofoverlapisgreatlyexaggeratedtomakeiteasytosee.Figure8.14illustratesafalsepositivedetection.Ifthevalueobservedisthedottedline,thenitcouldbeconsideredeitheramatchoranon-match.Ifinfactitshouldnotmatch,andthesystemtagsitasamatch,itisafalsepositive.Inbiometrics,afalsepositivewouldallowaccesstoanunauthorizedparty.
•Figure8.14Falsepositive
Figure8.15illustratesafalsenegativedetection.Ifthevalueobservedisthedottedline,thenitcouldbeconsideredeitheramatchoranon-match.Ifinfactitshouldmatch,andthesystemtagsitasanon-match,itisafalsenegative.Afalsenegativewouldpreventanauthorizeduserfromobtainingaccess.
•Figure8.15Falsenegative
ExamTip:Falsepositiveandfalsenegativearefrequentlyconfused.Thetruedefinitionsrevolvearoundthestatisticaltermnullhypothesis.Forauthentication,itisassumedthatthepersonisnotauthorized.Ifthepersonisnotauthorized,andthetestincorrectlyrejectsthenullhypothesisandallowsentry,thisisafalsepositive—alsocalledaTypeIerror.Ifthepersonisauthorized,andthetestfailstoallowentry,thenthisisafalsenegative,orTypeIIerror.Theimportantelementisthedirectionofthenullhypothesis,which,forauthentication,wouldbetodenyentry.
Tosolvethefalsepositiveandfalsenegativeissue,theprobabilisticenginemustproducetwosetsofcurvesthatdonotoverlap.Thisisequivalenttoverylow,<0.001%,falsepositiveandfalsenegativerates.Becausethecurvestechnicallyhavetailsthatgoforever,therewillalwaysbesomefalserates,butthenumbershavetobeexceedinglysmalltoassuresecurity.Figure8.16illustratesthedesired,buttypicallyimpractical,separationofthecurves.
•Figure8.16Desiredsituation
Amorerealisticsituationhasthetwocurvescrossingoveratsomepoint,andthispointisknownasthecrossovererrorrate(CER).TheCERisthepointwherethefalseacceptanceandfalserejectionratesareequal.Whileasystemhastheabilitytoadjustwhichofthetwofalseratestofavor,theCERprovidesameansofcomparingsystemsperformanceatdiscriminatingsignals.AsystemwithaCERof2percentismoreaccurate(andhasmoreseparation)thanonewithaCERof5percent.Anotherconcernwithbiometricsisthatifsomeoneisabletostealthe
uniquenessfactorthatthemachinescans—yourfingerprintfromaglass,forexample—andisabletoreproducethatfactorinasubstancethatfoolsthescanner,thatpersonnowhasyouraccessprivileges.Thisideaiscompoundedbythefactthatitisimpossibleforyoutochangeyourfingerprintifitgetsstolen.Itiseasytoreplacealostorstolentokenanddeletethemissingonefromthesystem,butitisfarmoredifficulttoreplaceahumanhand.Anotherproblemwithbiometricsisthatpartsofthehumanbodycanchange.Ahumanfacecanchange,throughscarring,weightlossorgain,orsurgery.Afingerprintcanbechangedthroughdamagetothefingers.Eyeretinascanbeaffectedbysometypesofdiabetesorbypregnancy.Allofthesechangesforcethebiometricsystem
toallowahighertoleranceforvarianceinthebiometricbeingread.Thishasledthewayforhigh-securityinstallationstomovetowardmultiple-factorauthentication.
Multiple-FactorAuthenticationMultiple-factorauthenticationissimplythecombinationoftwoormoretypesofauthentication.Threebroadcategoriesofauthenticationcanbeused:whatyouare(forexample,biometrics),whatyouhave(forinstance,tokens),andwhatyouknow(passwordsandotherinformation).Two-factorauthenticationcombinesanytwoofthesebeforegrantingaccess.Anexamplewouldbeacardreaderthatthenturnsonafingerprintscanner—ifyourfingerprintmatchestheoneonfileforthecard,youaregrantedaccess.Three-factorauthenticationwouldcombineallthreetypes,suchasasmartcardreaderthatasksforaPINbeforeenablingaretinascanner.Ifallthreecorrespondtoavaliduserinthecomputerdatabase,accessisgranted.
ExamTip:Two-factorauthenticationcombinesanytwomethodsofauthentication,matchingitemssuchasatokenwithabiometric.Three-factorauthenticationcombinesanythree,suchasapasscode,biometric,andatoken.
Multiple-factorauthenticationmethodsgreatlyenhancesecuritybymakingitverydifficultforanattackertoobtainallthecorrectmaterialsforauthentication.Theyalsoprotectagainsttheriskofstolentokens,astheattackermusthavethecorrectbiometric,password,orboth.Moreimportant,multiple-factorauthenticationenhancesthesecurityofbiometricsystems,byprotectingagainstastolenbiometric.Changingthetokenmakesthebiometricuselessunlesstheattackercanstealthenewtoken.Italsoreducesfalsepositivesbytryingtomatchthesuppliedbiometricwiththeonethatisassociatedwiththesuppliedtoken.Thispreventsthecomputerfromseekingamatchusingtheentiredatabaseof
biometrics.Usingmultiplefactorsisoneofthebestwaystoensureproperauthenticationandaccesscontrol.
Chapter8Review
ChapterSummaryAfterreadingthischapterandcompletingtheexercises,youshouldunderstandthefollowingfactsabouthowphysicalsecurityimpactsnetworksecurity.
Describehowphysicalsecuritydirectlyaffectscomputerandnetworksecurity
Physicalaccessdefeatsallnetworksecurityprotections.
Bootdisksallowfilesystemaccess.
Driveimagingissimpletoaccomplishwithphysicalaccess.
Accesstotheinternalnetworkissimplewithphysicalaccess.
Theftofhardwarecanbeanattackinandofitself.
Discussstepsthatcanbetakentohelpmitigaterisks
Removaloffloppydrivesandothermediadriveswhentheyareunnecessarycanhelpmitigatebootdiskattacks.
RemovalofCD-ROMdevicesalsomakesphysicalaccessattacksmoredifficult.
BIOSpasswordsshouldbeusedtoprotectthebootsequence.
USBdevicesareathreatandthus,ifpossible,USBdriversshouldberemoved.
Allusersneedsecuritytraining.
Authenticationsystemsshouldusemultiplefactorswhenfeasible.
Identifythedifferenttypesoffiresandthevariousfiresuppressionsystemsdesignedtolimitthedamagecausedbyfires
Firescanbecausedbyandcanconsumeanumberofdifferentmaterials.Itisimportanttorecognizewhattypeoffireisoccurring,becausetheextinguishertousedependsonthetypeoffire.
TheABCfireextinguisheristhemostcommontypeandisdesignedtohandlemosttypesoffires.Theonlytypeoffireitisnotdesignedtoaddressisonewithcombustiblemetals.
Explainelectronicaccesscontrolsandtheprinciplesofconvergence
Accesscontrolsshouldhavelayeredareasandelectronicaccesscontrolsystems.
Electronicphysicalsecuritysystemsneedtobeprotectedfromnetwork-basedattacks.
KeyTermsaccesstokens(210)autoplay(201)biometrics(211)BIOSpasswords(200)bootdisk(192)closedcircuittelevision(CCTV)(198)contactlessaccesscards(197)convergence(200)crossovererrorrate(CER)(214)driveimaging(194)falsenegative(212)
falsepositive(212)layeredaccess(197)LiveCD(193)mantrap(198)multiple-factorauthentication(214)physicalaccesscontrol(196)policiesandprocedures(200)smartcards(211)UnifiedExtensibleFirmwareInterface(UEFI)(200)USBdevices(201)
KeyTermsQuizUsetermsfromtheKeyTermslisttocompletethesentencesthatfollow.Don’tusethesametermmorethanonce.Notalltermswillbeused.
1.Adoorsystemdesignedtoonlyallowasinglepersonthroughiscalleda(n)_______________.
2._______________includeMP3playersandflashdrives.3.A(n)_______________happenswhenanunauthorizeduseris
allowedaccess.
4.Removablemediafromwhichacomputercanbebootediscalleda(n)_______________.
5._______________forcesausertoauthenticateagainwhenenteringamoresecurearea.
6.Itemscarriedbytheusertoallowthemtobeauthenticatedarecalled_______________.
7._______________isthemeasurementofuniquebiologicalproperties,likethefingerprint.
8._______________preventanattackerfrommakingthemachinebootofftheDVDdrive.
9._______________isasystemwherethecameraandmonitoraredirectlylinked.
10.Usingatoken,fingerprintreader,andPINkeypadwouldbeanexampleof_______________.
Multiple-ChoiceQuiz1.Whatisthemostcommonexampleofanaccesstoken?
A.Smartcard
B.Handwritingsample
C.PDA
D.Key
2.Whichoneisnotcommonlyusedasabiometric?A.Eyeretina
B.Handgeometry
C.Shoulder-to-waistgeometry
D.Fingerprint
3.Probablythesimplestphysicalattackonthecomputersystemis:A.AccessinganEthernetjacktoattackthenetwork
B.Usinganimitationtofoolabiometricauthenticator
C.InstallingavirusontheCCTVsystem
D.Outrighttheftofthecomputers
4.Whatisacommonthreattotoken-basedaccesscontrols?
A.Thekey
B.Demagnetizationofthestrip
C.Asystemcrash
D.Lossortheftofthetoken
5.WhycanUSBflashdrivesbeathreat?A.Theyusetoomuchpower.
B.Theycanbringmaliciouscodepastothersecuritymechanisms.
C.Theycanbestolen.
D.Theycanbeencrypted.
6.WhyisHVACimportanttocomputersecurity?A.SabotageoftheACunitcouldtakeouttheelectricalpower.
B.SabotageoftheACunitwouldmakethecomputersoverheatandshutdown.
C.TheACunitscouldbeconnectedtothenetwork.
D.HVACisnotimportanttosecurity.
7.Whyshouldsecurityguardsgetcross-traininginnetworksecurity?A.Theyaretheeyesandearsofthecorporationwhenitcomesto
security.
B.Theyaretheonlypeopleinthebuildingatnight.
C.Theyaremorequalifiedtoknowwhatasecuritythreatis.
D.Theyhavetheauthoritytodetainviolators.
8.Whyisenrollmentimportanttobiometrics?A.Fingerprintsareunique.
B.Itaddsanotherlayertothelayeredaccessmodel.
C.Ifenrollmentisnotdonecarefully,falsepositiveswillincrease.
D.Itcompletelypreventsfalsepositives.
9.Whyisphysicalsecuritysoimportanttogoodnetworksecurity?A.Becauseencryptionisnotinvolved
B.Becausephysicalaccessdefeatsnearlyallnetworksecuritymeasures
C.Becauseanattackercanstealbiometricidentities
D.Authentication
10.Howdoesmultiple-factorauthenticationimprovesecurity?A.Byusingbiometrics,nootherpersoncanauthenticate.
B.Itrestrictsuserstosmallerspaces.
C.Byusingacombinationofauthentications,itismoredifficultforsomeonetogainillegitimateaccess.
D.Itdeniesaccesstoanintrudermultipletimes.
EssayQuestions1.YouhavebeenaskedtoreportonthefeasibilityofinstallinganIP
CCTVcamerasystematyourorganization.DetailtheprosandconsofanIPCCTVsystemandhowyouwouldimplementthesystem.
2.Writeamemojustifyinglayeredaccessfordevicesinanorganization.
3.Writeamemojustifyingmoreusereducationaboutphysicalsecurity.
4.WriteasamplepolicyregardingtheuseofUSBdevicesinan
organization.
LabProjects
•LabProject8.1LoadaLiveCDonyourmachineandexaminethetoolsitprovides.Youwillneedthefollowingmaterials:
AcomputerwithaversionofWindowsinstalledandaCD/DVDburner
AnemptyCDorDVDThendothefollowing:
1.DownloadacopyofKaliLinux.Agoodsitefromwhichtoobtainthisiswww.kali.org/downloads/.
2.BurntheISOfiletotheCD/DVD.
3.Rebootthemachine,allowingtheLiveCDtostartthemachineinLinux.4.OnceKaliLinuxisrunning,openaterminalwindowandtypewireshark.
5.WithWiresharkopenasasniffingprogram,recordthetraffictoandfromthiscomputer.A.OpenCapture|Options.
B.SelectStartonyourEthernetinterface,usuallyeth0.
C.StopCapturebyselectingCapture|Stop.
D.Clickanypacketlistedtoviewtheanalysis.
6.ViewtheothertoolsontheCDunderKDE|Kali.
•LabProject8.2Disableautoplayonyoursystemforseveraltypesofmedia.Youwillneedthefollowingmaterials:
AcomputerwithWindowsAUSBflashdrivethatissettobebootable
ACD/DVDwithanautoplayfile
Thendothefollowing:
1.InserttheCD/DVDandverifythatautoplayisonandworking.
2.Followthischapter’sinstructionsondisablingautoplay.3.ReinserttheCD/DVDandverifythatautoplayisdisabled—nothingshouldappearwhen
theCD/DVDisinsertednow.
4.InserttheUSBflashdriveandseeifautoplayworksforit;ifitdoes,disableitusingthesamemethod.
chapter9 NetworkFundamentals
Thevalueofacommunicationsnetworkisproportionaltothesquareofthenumberofitsusers.
—METCALFE’SLAW
B
Inthischapter,youwilllearnhowto
Identifythebasicnetworkarchitectures
Definethebasicnetworkprotocols
Explainroutingandaddresstranslation
Classifysecurityzones
ythesimplestdefinitioninthedataworld,anetworkisameanstoconnecttwoormorecomputerstogetherforthepurposesofsharinginformation.Theterm“network”hasdifferentmeaningsdependingon
thecontextandusage.Anetworkcanbeagroupoffriendsandassociates,aseriesofinterconnectedtunnels,or,fromacomputer-orientedperspective,acollectionofinterconnecteddevices.Networksizesandshapesvarydrastically,rangingfromtwopersonalcomputersconnectedwithacrossovercableorwirelessrouterallthewayuptotheInternet,encirclingtheglobeandlinkingtogetheruntoldnumbersofindividual,distributedsystems.Thoughdatanetworksvarywidelyinsizeandscope,theyaregenerallydefinedintermsoftheirarchitecture,topology,andprotocols.
NetworkArchitecturesEverynetworkhasanarchitecture—whetherbydesignorbyaccident.Definingordescribingaspecificnetwork’sarchitectureinvolvesidentifyingthenetwork’sphysicalconfiguration,logicaloperation,structure,procedures,dataformats,protocols,andothercomponents.Forthesakeofsimplicityandcategorization,peopletendtodividenetworkarchitecturesintotwomaincategories:LANsandWANs.Alocalareanetwork(LAN)typicallyissmallerintermsofsizeandgeographiccoverageandconsistsoftwoormoreconnecteddevices.HomenetworksandmostsmallofficenetworkscanbeclassifiedasLANs.Awidearea
network(WAN)tendstobelarger,coveringmoregeographicarea,andconsistsoftwoormoresystemsingeographicallyseparatedareasconnectedbyanyofavarietyofmethodssuchasleasedlines,radiowaves,satelliterelays,microwaves,orevendial-upconnections.Withtheadventofwirelessnetworking,optical,andcellulartechnology,thelinesbetweenLANandWANsometimesseemtomergeseamlesslyintoasinglenetworkentity.Forexample,mostcorporationshavemultipleLANswithineachofficelocationthatallconnecttoaWANthatprovidesintercompanyconnectivity.Figure9.1showsanexampleofacorporatenetwork.EachofficelocationwilltypicallyhaveoneormoreLANs,whichareconnectedtotheotherofficesandthecompanyheadquartersthroughacorporateWAN.
•Figure9.1CorporateWANconnectingmultipleoffices
ExamTip:ALANisalocalareanetwork—anofficebuilding,homenetwork,andsoon.AWANisawideareanetwork—acorporatenetworkconnectingofficesinDallas,NewYork,andSanJose,forexample.
Overtime,asnetworkshavegrown,diversified,andmultiplied,thelinebetweenLANandWANhasbecomeblurred.Tobetterdescribeemerging,specializednetworkstructures,newtermshavebeencoinedtoclassifynetworksbasedonsizeanduse:
Campusareanetwork(CAN)Anetworkconnectinganynumberofbuildingsinanofficeoruniversitycomplex(alsoreferredtoasacampuswideareanetwork).
IntranetA“private”networkthatisaccessibleonlytoauthorizedusers.Manylargecorporationshostanintranettofacilitateinformationsharingwithintheirorganization.
InternetThe“globalnetwork”connectinghundredsofmillionsofsystemsandusers.
Metropolitanareanetwork(MAN)Anetworkdesignedforaspecificgeographiclocalitysuchasatownoracity.
Storageareanetwork(SAN)Ahigh-speednetworkconnectingavarietyofstoragedevicessuchastapesystems,RAIDarrays,opticaldrives,fileservers,andothers.
Virtuallocalareanetwork(VLAN)Alogicalnetworkallowingsystemsondifferentphysicalnetworkstointeractasiftheywereconnectedtothesamephysicalnetwork.
Client/serverAnetworkinwhichpowerful,dedicatedsystemscalledserversprovideresourcestoindividualworkstationsorclients.
Peer-to-peerAnetworkinwhicheverysystemistreatedasanequal,suchasahomenetwork.
NetworkTopologyOnemajorcomponentofeverynetwork’sarchitectureisthenetwork’stopology—howthenetworkisphysicallyorlogicallyarranged.Termstoclassifyanetwork’stopologyhavebeendeveloped,oftenreflectingthephysicallayoutofthenetwork.Themainclassesofnetworktopologiesarestar,ring,bus,andmixed.
StartopologyNetworkcomponentsareconnectedtoacentralpoint.(SeeFigure9.2.)
•Figure9.2Startopology
BustopologyNetworkcomponentsareconnectedtothesamecable,oftencalled“thebus”or“thebackbone.”(SeeFigure9.3.)
•Figure9.3Bustopology
RingtopologyNetworkcomponentsareconnectedtoeachotherinaclosedloopwitheachdevicedirectlyconnectedtotwootherdevices.(SeeFigure9.4.)
•Figure9.4Ringtopology
Largernetworks,suchasthoseinsideanofficecomplex,mayusemorethanonetopologyatthesametime.Forexample,anofficecomplexmayhavealargeringtopologythatinterconnectsallthebuildingsinthecomplex.Eachbuildingmayhavealargebustopologytointerconnectstartopologieslocatedoneachfloorofthebuilding.Thisiscalledamixedtopologyorhybridtopology.(SeeFigure9.5.)
•Figure9.5Mixedtopology
Withrecentadvancesintechnology,thesetopologydefinitionsoftenbreakdown.Whileanetworkconsistingoffivecomputersconnectedtothesamecoaxialcableiseasilyclassifiedasabustopology,whataboutthosesamecomputersconnectedtoaswitchusingCat-5cables?Withaswitch,eachcomputerisconnectedtoacentralnode,muchlikeastartopology,butthebackplaneoftheswitchisessentiallyasharedmedium.
Withaswitch,eachcomputerhasitsownexclusiveconnectiontotheswitchlikeastartopology,buthastosharetheswitch’scommunicationsbackbonewithalltheothercomputers,muchlikeabustopology.Toavoidthistypeofconfusion,manypeopleusetopologydefinitionsonlytoidentifythephysicallayoutofthenetwork,focusingonhowthedevicesareconnectedtothenetwork.Ifweapplythislineofthinkingtoourexample,thefive-computernetworkbecomesastartopologywhetherweuseahuboraswitch.
Wirelessnetworksuseradiowavesastheirmediumtotransmitpackets,andthoseradiowavesdon’tstopatthewallsofyourhouseoryourorganization.Anyonewithinrangecan“see”thoseradiowavesandattempttoeithersniffyourtrafficorconnecttoyournetwork.Encryption,MACaddressfiltering,andsuppressionofbeaconframesareallsecuritymechanismstoconsiderwhenusingwirelessnetworks.Wirelessnetworks,becauseofthesignalpropagation,caneasilyassumeameshstructure.
NetworkProtocolsHowdoalltheseinterconnecteddevicescommunicate?WhatmakesaPCinChinaabletoviewwebpagesonaserverinBrazil?Whenengineersfirststartedtoconnectcomputerstogethervianetworks,theyquicklyrealizedtheyneededacommonlyacceptedmethodforcommunicating—aprotocol.
ProtocolsAprotocolisanagreed-uponformatforexchangingortransmittingdatabetweensystems.Aprotocoldefinesanumberofagreed-uponparameters,suchasthedatacompressionmethod,thetypeoferrorcheckingtouse,andmechanismsforsystemstosignalwhentheyhavefinishedeitherreceivingortransmittingdata.Thereisawidevarietyofprotocols,each
designedwithcertainbenefitsandusesinmind.Someofthemorecommonprotocolsthathavebeenusedinnetworkingarelistednext.Today,mostnetworksaredominatedbyEthernetandInternetProtocol.
AppleTalkThecommunicationsprotocoldevelopedbyAppletoconnectMacintoshcomputersandprinters.
AsynchronousTransferMode(ATM)Aprotocolbasedontransferringdatainfixed-sizepackets.Thefixedpacketsizeshelpensurethatnosingledatatypemonopolizestheavailablebandwidth.
EthernetTheLANprotocoldevelopedjointlybyXerox,DEC,andIntel—themostwidelyimplementedLANstandard.
FiberDistributedDataInterface(FDDI)Theprotocolforsendingdigitaldataoverfiber-opticcabling.
InternetProtocols(IP)Theprotocolsformanagingandtransmittingdatabetweenpacket-switchedcomputernetworks,originallydevelopedfortheDepartmentofDefense.MostusersarefamiliarwithInternetprotocolssuchase-mail,FileTransferProtocol(FTP),Telnet,andHypertextTransferProtocol(HTTP).
InternetworkPacketExchange(IPX)ThenetworkingprotocolcreatedbyNovellforusewithNovellNetWareoperatingsystems.
SignalingSystem7(SS7)Thetelecommunicationsprotocolusedbetweenprivatebranchexchanges(PBXs)tohandletaskssuchascallsetup,routing,andteardown.
SystemsNetworkArchitecture(SNA)AsetofnetworkprotocolsdevelopedbyIBM,originallyusedtoconnectIBM’smainframesystems.
TokenRingALANprotocoldevelopedbyIBMthatrequiressystemstopossessthenetwork“token”beforetransmittingdata.
TransmissionControlProtocol/InternetProtocol(TCP/IP)Thecollectionofcommunicationsprotocolsusedtoconnecthostsonthe
Internet.TCP/IPisbyfarthemostcommonlyusednetworkprotocolandisacombinationoftheTCPandIPprotocols.
X.25AprotocolDevelopedbytheComitéConsultatifInternationalTéléphoniqueetTélégraphique(CCITT)foruseinpacket-switchednetworks.TheCCITTwasasubgroupwithintheInternationalTelecommunicationUnion(ITU)beforetheCCITTwasdisbandedin1992.
AlittlehistoryontheIPprotocolfromWikipedia:“InMay,1974,theInstituteofElectricalandElectronicEngineers(IEEE)publishedapaperentitled‘AProtocolforPacketNetworkInterconnection.’Thepaper’sauthors,VintCerfandBobKahn,describedaninternetworkingprotocolforsharingresourcesusingpacket-switchingamongthenodes.”
Inmostcases,communicationsprotocolsweredevelopedaroundtheOpenSystemInterconnection(OSI)model.TheOSImodel,orOSIReferenceModel,isanInternationalOrganizationforStandardization(ISO)standardforworldwidecommunicationsthatdefinesaframeworkforimplementingprotocolsandnetworkingcomponentsinsevendistinctlayers.WithintheOSImodel,controlispassedfromonelayertoanother(top-down)beforeitexitsonesystemandentersanothersystem,wherecontrolispassedbottom-uptocompletethecommunicationscycle.ItisimportanttonotethatmostprotocolsonlylooselyfollowtheOSImodel;severalprotocolscombineoneormorelayersintoasinglefunction.TheOSImodelalsoprovidesacertainlevelofabstractionandisolationforeachlayer,whichonlyneedstoknowhowtointeractwiththelayeraboveandbelowit.Theapplicationlayer,forexample,onlyneedstoknowhowtocommunicatewiththepresentationlayer—itdoesnotneedtotalkdirectlytothephysicallayer.Figure9.6showsthedifferentlayersoftheOSImodel.
•Figure9.6TheOSIReferenceModel
PacketsNetworksarebuilttoshareinformationandresources,butlikeotherformsofcommunication,networksandtheprotocolstheyusehavelimitsandrulesthatmustbefollowedforeffectivecommunication.Forexample,largechunksofdatamusttypicallybebrokenupintosmaller,moremanageablechunksbeforetheyaretransmittedfromonecomputertoanother.Breakingthedatauphasadvantages—youcanmoreeffectivelysharebandwidthwithothersystemsandyoudon’thavetoretransmittheentiredatasetifthereisaproblemintransmission.Whendataisbrokenupintosmallerpiecesfortransmission,eachofthesmallerpiecesistypicallycalledapacket.Eachprotocolhasitsowndefinitionofapacket—
dictatinghowmuchdatacanbecarried,whatinformationisstoredwhere,howthepacketshouldbeinterpretedbyanothersystem,andsoon.
Theconceptofbreakingamessageintopiecesbeforesendingitisasoldasnetworking.Thetermsusedtodescribethesepiecescanvaryfromprotocoltoprotocol.FrameRelayandEthernetbothusethetermframe.ATMcallsthemcells.Manyprotocolsusethegenerictermpacket.IntheOSImodel,thetermdatagramisused.Attheendoftheday,regardlessofwhatitiscalled,thesepiecesareprotocol-defined,formattedstructuresusedtocarryinformation.
Astandardpacketstructureisacrucialelementinaprotocoldefinition.Withoutastandardpacketstructure,systemswouldnotbeabletointerprettheinformationcomingtothemfromothersystems.Packet-basedcommunicationsystemshaveotheruniquecharacteristics,suchassize,whichneedtobeaddressed.Thisisdoneviaadefinedmaximumandfragmentingpacketsthataretoobig,asshowninthenextsections.
MaximumTransmissionUnitWhentransmittingpacketsacrossanetwork,therearemanyinterveningprotocolsandpiecesofequipment,eachwithitsownsetoflimitations.OneofthefactorsusedtodeterminehowmanypacketsamessagemustbebrokenintoistheMaximumTransmissionUnit(MTU).TheMTUisthelargestpacketthatcanbecarriedacrossanetworkchannel.ThevalueoftheMTUisusedbyTCPtopreventpacketfragmentationatinterveningdevices.PacketfragmentationisthesplittingofapacketwhileintransitintotwopacketssothattheyfitpastanMTUbottleneck.
PacketFragmentationBuiltintotheInternetProtocolisamechanismforhandlingofpacketsthatarelargerthanallowedacrossahop.UnderICMPv4,arouterhastwooptionswhenitencountersapacketthatistoolargeforthenexthop:breakthepacketintotwofragments,sendingeachseparately,ordropthepacket
andsendanICMPmessagebacktotheoriginator,indicatingthatthepacketistoobig.Whenafragmentedpacketarrivesatthereceivinghost,itmustbereunitedwiththeotherpacketfragmentsandreassembled.OneoftheproblemswithfragmentationisthatitcancauseexcessivelevelsofpacketretransmissionasTCPmustretransmitanentirepacketforthelossofasinglefragment.InIPv6,toavoidfragmentation,hostsarerequiredtodeterminetheminimalpathMTUbeforetransmissionofpacketstoavoidfragmentationenroute.AnyfragmentationrequirementsinIPv6areresolvedattheorigin,andiffragmentationisrequired,itoccursbeforesending.
TechTip
IPv6andFragmentationIPv6systemscalculatetheMTUandthenadheretothatfromhosttohost.Thispreventsfragmentationenroute;insteadallfragmentationisdonebytheoriginatinghosttofitundertheMTUlimit.
IPfragmentationcanbeexploitedinavarietyofwaystobypasssecuritymeasures.PacketscanbepurposefullyconstructedtosplitexploitcodeintomultiplefragmentstoavoidIDSdetection.Becausethereassemblyoffragmentsisdependentupondatainthefragments,itispossibletomanipulatethefragmentstoresultindatagramsthatexceedthe64KBlimit,resultingindenialofservice.
InternetProtocolTheInternetProtocolisnotasingleprotocolbutasuiteofprotocols.TherelationshipbetweensomeoftheIPsuiteandtheOSImodelisshowninFigure9.7.Asyoucansee,therearedifferencesbetweenthetwoversionsoftheprotocolinuse,v4andv6.Theprotocolelementsandtheirsecurityimplicationsarecoveredinthenextsectionsofthischapter.Oneofthese
differencesisthereplacementoftheInternetGroupManagementProtocol(IGMP)withtheInternetControlMessageProtocol(ICMP)andMulticastListenerDiscovery(MLD)inIPv6.
•Figure9.7InternetProtocolsuitecomponents
IPPacketsTobetterunderstandpacketstructure,let’sexaminethepacketstructuredefinedbytheIPprotocol.AnIPpacket,oftencalledadatagram,hastwomainsections:theheaderandthedatasection(sometimescalledthepayload).Theheadersectioncontainsalloftheinformationneededtodescribethepacket(seeFigure9.8).
•Figure9.8LogicallayoutofanIPpacket,(a)IPv4(b)IPv6
InIPv4,therearecommonfieldstodescribethefollowingoptions.
Whatkindofpacketitis(protocolversionnumber)
Howlargetheheaderofthepacketis(packetheaderlength)
Howtoprocessthispacket(typeofservicetellingthenetworkwhetherornottouseoptionssuchasminimizedelay,maximizethroughput,maximizereliability,andminimizecost)
Howlargetheentirepacketis(overalllengthofpacket—sincethisisa16-bitfield,themaximumsizeofanIPpacketis65,535bytes,butinpracticemostpacketsarearound1500bytes)
Auniqueidentifiersothatthispacketcanbedistinguishedfromotherpackets
Whetherornotthispacketispartofalongerdatastreamandshouldbehandledrelativetootherpackets
Flagsthatindicatewhetherornotspecialhandlingofthispacketisnecessary
Adescriptionofwherethispacketfitsintothedatastreamascomparedtootherpackets(thefragmentoffset)
A“timetolive”fieldthatindicatesthepacketshouldbediscardedifthevalueiszero
Aprotocolfieldthatdescribestheencapsulatedprotocol
Achecksumofthepacketheader(tominimizethepotentialfordatacorruptionduringtransmission)
Wherethepacketisfrom(sourceIPaddress,suchas10.10.10.5)
Wherethepacketisgoing(destinationIPaddress,suchas10.10.10.10)
Optionflagsthatgovernsecurityandhandlingrestrictions,whetherornottorecordtheroutethispackethastaken,whetherornottorecordtimestamps,andsoon
Thedatathispacketcarries
InIPv6,thesourceanddestinationaddressestakeupmuchgreater
room,andforequipmentandpackethandlingreasons,mostoftheinformationaloptionshavebeenmovedtotheoptionalareaaftertheaddresses.Thisseriesofoptionalextensionheadersallowstheefficientuseoftheheaderinprocessingtheroutinginformationduringpacketroutingoperations.OneofthemostcommonoptionsistheIPsecextension,whichisused
toestablishIPsecconnections.IPsecusesencryptiontoprovideavarietyofprotectionstopackets.IPsecisfullycoveredinChapter11.
TechTip
TheImportanceofUnderstandingTCP/IPProtocolsAsecurityprofessionalmustunderstandhowthevariousTCP/IPprotocolsoperate.Forexample,ifyou’relookingatapacketcaptureofasuspectedportscan,youneedtoknowhow“normal”TCPandUDPtrafficworkssoyouwillbeabletospot“abnormal”traffic.Thischapterprovidesaverybasicoverviewofthemostpopularprotocols:TCP,UDP,andICMP.
Asyoucansee,thisstandardpacketdefinitionallowssystemstocommunicate.Withoutthistypeof“commonlanguage,”theglobalconnectivityweenjoytodaywouldbeimpossible—theIPprotocolistheprimarymeansfortransmittinginformationacrosstheInternet.
TCPvs.UDPProtocolsaretypicallydevelopedtoenableacertaintypeofcommunicationorsolveaspecificproblem.Overtheyears,thisapproachhasledtothedevelopmentofmanydifferentprotocols,eachcriticaltothefunctionorprocessitsupports.However,therearetwoprotocolsthathavegrownsomuchinpopularityandusethatwithoutthem,theInternetasweknowitwouldceasetoexist.Thesetwoprotocols,theTransmissionControlProtocol(TCP)andUserDatagramProtocol(UDP),areprotocolsthatrunontopoftheIPnetworkprotocol.Asseparateprotocols,
theyeachhavetheirownpacketdefinitions,capabilities,andadvantages,butthemostimportantdifferencebetweenTCPandUDPistheconceptof“guaranteed”reliabilityanddelivery.
ExamTip:TCPisa“connection-oriented”protocolandoffersreliabilityandguaranteeddeliveryofpackets.UDPisa“connectionless”protocolwithnoguaranteesofdelivery.
UDPisknownasa“connectionless”protocolasithasveryfewerror-recoveryservicesandnoguaranteeofpacketdelivery.WithUDP,packetsarecreatedandsentontheirway.Thesenderhasnoideawhetherthepacketsweresuccessfullyreceivedorwhethertheywerereceivedinorder.Inthatrespect,UDPpacketsaremuchlikepostcards—youaddressthemanddroptheminthemailbox,notreallyknowingif,when,orhowthepostcardsreachyourintendedaudience.Eventhoughpacketlossandcorruptionarerelativelyrareonmodernnetworks,UDPisconsideredtobeanunreliableprotocolandisoftenonlyusedfornetworkservicesthatarenotgreatlyaffectedbytheoccasionallostordroppedpacket.Timesynchronizationrequests,namelookups,andstreamingaudioaregoodexamplesofnetworkservicesbasedonUDP.UDPalsohappenstobeafairly“efficient”protocolintermsofcontentdeliveryversusoverhead.WithUDP,moretimeandspaceisdedicatedtocontent(data)deliverythanwithotherprotocolssuchasTCP.ThismakesUDPagoodcandidateforstreamingprotocols,asmoreoftheavailablebandwidthandresourcesareusedfordatadeliverythanwithotherprotocols.TCPisa“connection-oriented”protocolandwasspecificallydesigned
toprovideareliableconnectionbetweentwohostsexchangingdata.TCPwasalsodesignedtoensurethatpacketsareprocessedinthesameorderinwhichtheyweresent.AspartofTCP,eachpackethasasequencenumbertoshowwherethatpacketfitsintotheoverallconversation.Withthesequencenumbers,packetscanarriveinanyorderandatdifferenttimesandthereceivingsystemwillstillknowthecorrectorderforprocessing
them.Thesequencenumbersalsoletthereceivingsystemknowifpacketsaremissing—receivingpackets1,2,4,and7tellsusthatpackets3,5,and6aremissingandneededaspartofthisconversation.Thereceivingsystemcanthenrequestretransmissionofpacketsfromthesendertofillinanygaps.The“guaranteedandreliable”aspectofTCPmakesitverypopularfor
manynetworkapplicationsandservicessuchasHTTP,FTP,andTelnet.Aspartoftheconnection,TCPrequiresthatsystemsfollowaspecificpatternwhenestablishingcommunications.Thispattern,oftencalledthethree-wayhandshake(showninFigure9.9),isasequenceofveryspecificsteps:
•Figure9.9TCP’sthree-wayhandshake
1.Theoriginatinghost(usuallycalledtheclient)sendsaSYN(synchronize)packettothedestinationhost(usuallycalledtheserver).TheSYNpackettellstheserverwhatporttheclientwantstoconnecttoandtheinitialpacketsequencenumberoftheclient.
2.TheserversendsaSYN/ACKpacketbacktotheclient.ThisSYN/ACK(synchronize/acknowledge)tellstheclient“Ireceivedyourrequest”andalsocontainstheserver’sinitialpacketsequencenumber.
3.TheclientrespondstotheserverwithanACKpackettocompletetheconnectionestablishmentprocess.
Thinkofthethree-wayhandshakeasbeingsimilartoaphonecall.Youplaceacalltoyourfriend—that’stheSYN.Yourfriendanswersthephoneandsays“hello”—that’stheSYN/ACK.Thenyousay“Hi,it’sme”—that’stheACK.Yourconnectionisestablishedandyoucanstartyourconversation.
ICMPWhileTCPandUDParearguablythemostcommonprotocols,theInternetControlMessageProtocol(ICMP)isprobablythethirdmostcommonlyusedprotocol.Duringtheearlydevelopmentoflargenetworks,itwasquicklydiscoveredthatthereneededtobesomemechanismformanagingtheoverallinfrastructure—handlingconnectionstatus,trafficflow,availability,anderrors.ThismechanismisICMP.ICMPisacontrolandinformationprotocolandisusedbynetworkdevicestodeterminesuchthingsasaremotenetwork’savailability,thelengthoftimetoreacharemotenetwork,andthebestrouteforpacketstotakewhentravelingtothatremotenetwork(usingICMPredirectmessages,forexample).ICMPcanalsobeusedtohandletheflowoftraffic,tellingothernetworkdevicesto“slowdown”transmissionspeedsifpacketsarecomingintoofast.
TechTip
TCPPacketFlagsTCPpacketscontainflags—dedicatedfieldsthatareusedtohelptheTCPprotocolcontrolandmanagetheTCPsession.ThereareeightdifferentflagsinaTCPpacket,andwhenaflagis“set,”itissettoavalueof1.Theeightdifferentflagsare
CWR(CongestionWindowReduced)SetbyahosttoindicatethatitreceivedapacketwiththeECEflagsetandistakingactiontohelpreducecongestion.
ECE(ECN-Echo)IndicatesthattheTCPpeerisECNcapablewhenusedduringthethree-wayhandshake.Duringnormaltraffic,thisflagmeansthatapacketwithaCongestionExperiencedflaginitsIPheaderwasreceivedbythehostsendingthis
packet.
URG(Urgent)Whenset,theurgentpointerinthepacketsshouldbereadasvalidandfollowedforadditionaldata.
ACK(Acknowledgment)IndicatesthatthedataintheACKfieldshouldbeprocessed.
PSH(Push)Indicatesthatdatadeliveryshouldstartimmediatelyratherthanwaitingforbufferstofillupfirst.
RST(Reset)Resetsthecurrentconnection—astart-overfeatureoftenusedbyIPS/IDSdevicestointerruptsessions.
SYN(Synchronize)Usedtohelpsynchronizesequencenumbers.FIN(Finish)Indicatesthesenderisfinishedandhasnomoredatatosend.
ICMP,likeUDP,isaconnectionlessprotocol.ICMPwasdesignedtocarrysmallmessagesquicklywithminimaloverheadorimpacttobandwidth.ICMPpacketsaresentusingthesameheaderstructureasIPpackets,withtheprotocolfieldsetto1toindicatethatitisanICMPpacket.ICMPpacketsalsohavetheirownheader,whichfollowstheIPheaderandcontainstype,code,checksum,sequencenumber,identifier,anddatafields.The“type”fieldindicateswhattypeofICMPmessageitis,andthe“code”fieldtellsuswhatthemessagereallymeans.Forexample,anICMPpacketwithatypeof3andacodeof2wouldtellusthisisa“destinationunreachable”messageand,morespecifically,a“hostunreachable”message—usuallyindicatingthatweareunabletocommunicatewiththeintendeddestination.BecauseICMPmessagesinIPv6canuseIPsec,ICMPv6messagescanhavesignificantprotectionsfromalteration.Unfortunately,ICMPhasbeengreatlyabusedbyattackersoverthelast
fewyearstoexecutedenial-of-service(DoS)attacks.BecauseICMPpacketsareverysmallandconnectionless,thousandsandthousandsofICMPpacketscanbegeneratedbyasinglesysteminaveryshortperiodoftime.AttackershavedevelopedmethodstotrickmanysystemsintogeneratingthousandsofICMPpacketswithacommondestination—theattacker’starget.Thiscreatesaliteralfloodoftrafficthatthetarget,andinmostcasesthenetworkthetargetsitson,isincapableofdealingwith.The
ICMPflooddrownsoutanyotherlegitimatetrafficandpreventsthetargetfromaccomplishingitsnormalduties—denyingaccesstotheservicethetargetnormallyprovides.ThishasledtomanyorganizationsblockingallexternalICMPtrafficattheperimeteroftheirorganization.
TechTip
ICMPMessageCodesWithICMPpackets,therealmessageofthepacketiscontainedinthe“typeandcode”fields,notthedatafield.FollowingaresomeofthemorecommonlyseenICMPtypecodes.NotethatICMPv6hasbrokenthelistingintotwotypes:errormessages(0—127)andinformationalmessages(128—255,presentedinthelatterhalfofthetable).IPv6introducesmanynewprotocols,twoofwhichwillhavesignificantimplications:theNeighborDiscoveryProtocol(NDP),whichmanagestheinteractionsbetweenneighboringIPv6nodes,andMulticastListenerDiscovery(MLD),whichmanagesIPv6multicastgroups.
TechTip
Manyofthemessageshaveassociatedcodevaluesthatmakethemessagemorespecific.For
example,ICMPv4messageswithatypeof3canhaveanyofthefollowingcodes:
CrossCheckPingSweepInChapter1youlearnedabouta“pingsweep.”Whatisapingsweepandwhatisitusedfor?WhattypesofICMPpacketscouldyouusetoconductapingsweep?HowdoesthisdifferbetweenICMPv4andICMPv6?
TechTip
ShouldYouBlockICMP?ICMPisaprotocolusedfortroubleshooting,errorreporting,andawidevarietyofassociatedfunctionality.ThisfunctionalityexpandsinICMPv6intomulticasting.ICMPgotabadnameprimarilybecauseofissuesassociatedwithpingandtraceroutecommands,buttheserepresentatinyminorityoftheprotocolfunctionality.TherearenumerousimportantusesassociatedwithICMP,andblockingitinitsentiretyisabadpractice.Blockingspecificcommandsandspecificsourcesmakessense;blanketblockingisapoorpracticethatwillleadtonetworkinefficiencies.BlockingICMPv6initsentiretywillblockalotofIPv6functionalitybecauseICMPisnowanintegralpartoftheprotocolsuite.
IPv4vs.IPv6ThemostcommonversionofIPinuseisIPv4,butthereleaseofIPv6,spurredbythedepletionoftheIPv4addressspace,hasbegunatypicallogarithmicadoptioncurve.IPv6hasmanysimilaritiestothepreviousversion,butitalsohassignificantnewenhancements,manyofwhichhavesignificantsecurityimplications.
ExpandedAddressSpaceTheexpansionoftheaddressspacefrom32bitsto128bitsisasignificantchange.WhereIPv4didnothaveenoughaddressesforeachpersononearth,IPv6hasover1500addressespersquaremeteroftheentireearth’ssurface.Thishasoneimmediateimplication:whereyoucoulduseascannertosearchalladdressesforresponsesinIPv4,doingthesameinIPv6willtakesignificantlylonger.AonemillisecondscaninIPv4equatestoa2.5billionyearscaninIPv6.Intheory,the128bitsofIPv6addressspacewillexpress3.4×1038possiblenodes.TheIPv6addressingprotocolhasbeendesignedtoallowforahierarchaldivisionoftheaddressspaceintoseverallayersofsubnets,toassistinthemaintainingofbothefficientandlogicaladdressallocations.OneexampleistheembeddingoftheIPv4
addressspaceintheIPv6space.Thisalsohasanintentionaleffectofsimplifyingthebackboneroutinginfrastructuresbyreducingtheroutingtablesize.
TechTip
IPv6TopSecurityConcernsTherearenumerousIPv6securityconcerns,sometechnical,someoperational.Someofthetopsecurityconcernsare
LackofIPv6securitytraining/education.
SecuritydevicebypassviaIPv6.PoorIPv6securitypolicies.
Addressnotationmakesgreppingthroughlogsdifficultifnotimpossible.IPv6complexityincreasesoperationalchallengesforcorrectdeployment.
NetworkDiscoveryIPv6introducestheNetworkDiscovery(NDP)protocol,whichisusefulforauto-configurationofnetworks.NDPcanenableavarietyofinterceptionandinterruptionthreatmodes.Amalevolentroutercanattachitselftoanetworkandrerouteorinterrupttrafficflows.
BenefitsofIPv6Changeisalwaysadifficulttask,andwhenthechangewilltouchvirtuallyeverythinginyoursystem,thismakesitevenmoredifficult.ChangingfromIPv4toIPv6isnotasimpletask,foritwillhaveaneffectoneverynetworkedresource.Thegoodnewsisthatthisisnotasuddenorsurpriseprocess;vendorshavebeenmakingproductsIPv6capableforalmostadecade.Bythispoint,virtuallyallthenetworkequipmentyourelyuponwillbedual-stackcapable,meaningthattheycanoperateinbothIPv4andIPv6networks.ThisprovidesamethodforanorderlytransferfromIPv4
toIPv6.IPv6hasmanyusefulbenefitsandultimatelywillbemoresecure
becauseithasmanysecurityfeaturesbuiltintothebaseprotocolseries.IPv6hasasimplifiedpacketheaderandnewaddressingscheme.Thiscanleadtomoreefficientroutingthroughsmallerroutingtablesandfasterpacketprocessing.IPv6wasdesignedtoincorporatemulticastingflowsnatively,whichallowsbandwidth-intensivemultimediastreamstobesentsimultaneouslytomultipledestinations.IPv6hasahostofnewservices,fromauto-configurationtomobiledeviceaddressing,andserviceenhancementstoimprovetherobustnessofQoSandVoIPfunctions.ThesecuritymodelofIPv6isbakedintotheprotocol,andis
significantlyenhancedfromthenonexistentoneinIPv4.IPv6isdesignedtobesecurefromsendertoreceiver,withIPsecavailablenativelyacrosstheprotocol.Thiswillsignificantlyimprovecommunicationlevelsecurity,butithasalsodrawnalotofattention.TheuseofIPsecwillchangethewaysecurityfunctionsareperformedacrosstheenterprise.OldIPv4methods,suchasNATandpacketinspectionmethodsofIDS,willneedtobeadjustedtothenewmodel.Securityapplianceswillhavetoadapttothenewprotocolanditsenhancednature.
PacketDeliveryProtocolsaredesignedtohelpinformationgetfromoneplacetoanother,butinordertodeliverapacketwehavetoknowwhereitisgoing.Packetdeliverycanbedividedintotwosections:localandremote.Ethernetiscommonforlocaldelivery,whileIPworksforremotedelivery.Localpacketdeliveryappliestopacketsbeingsentoutonalocalnetwork,whileremotepacketdeliveryappliestopacketsbeingdeliveredtoaremotesystem,suchasacrosstheInternet.Ultimately,packetsmayfollowalocaldelivery–remotedelivery–localdeliverypatternbeforereachingtheirintendeddestination.Thebiggestdifferenceinlocalversusremotedeliveryishowpacketsareaddressed.Networksystemshaveaddresses,notunlikeofficenumbersorstreetaddresses,andbeforeapacketcanbe
successfullydelivered,thesenderneedstoknowtheaddressofthedestinationsystem.
TechTip
MACAddressesEverynetworkdeviceshouldhaveauniqueMACaddress.ManufacturersofnetworkcardsandnetworkchipsetshaveblocksofMACaddressesassignedtothem,soyoucanoftentellwhattypeofequipmentissendingpacketsbylookingatthefirstthreepairsofhexadecimaldigitsinaMACaddress.Forexample“00-00-0C”wouldindicatethenetworkdevicewasbuiltbyCiscoSystems.
EthernetEthernetisthemostwidelyimplementedLayer2protocol.EthernetisstandardizedunderIEEE802.3.Ethernetworksbyforwardingpacketsonahop-to-hopbasisusingMACaddresses.Layer2addressingcanhavenumeroussecurityimplications.Layer2addressescanbepoisoned,spanningtreealgorithmscanbeattacked,VLANscanbehopped,andmore.Becauseofitsnearubiquity,Ethernetisacommonattackvector.Ithasmanyelementsthatmakeitusefulfromanetworkingpointofview,suchasitsbroadcastnatureanditsabilitytorunoverawiderangeofmedia.Butthesecanalsoactagainstsecurityconcerns.Wirelessconnectionsarefrequentlyconsideredtobeweakfromasecuritypointofview,butsoshouldEthernet,forunlessyouownthenetwork,youshouldconsiderthenetworktobeatrisk.
LocalPacketDeliveryPacketsdeliveredonanetwork,suchasanofficeLAN,areusuallysentusingthedestinationsystem’shardwareaddress,orMediaAccessControl(MAC)address.Eachnetworkcardornetworkdeviceis
supposedtohaveauniquehardwareaddresssothatitcanbespecificallyaddressedfornetworktraffic.MACaddressesareassignedtoadeviceornetworkcardbythemanufacturer,andeachmanufacturerisassignedaspecificblockofMACaddressestopreventtwodevicesfromsharingthesameMACaddress.MACaddressesareusuallyexpressedassixpairsofhexadecimaldigits,suchas00:07:e9:7c:c8:aa.Inorderforasystemtosenddatatoanothersystemonthenetwork,itmustfirstfindoutthedestinationsystem’sMACaddress.
TryThis!FindingMACAddressesonWindowsSystemsOpenacommandpromptonaWindowssystem.Typethecommandipconfig/allandfindyoursystem’sMACaddress.Hint:Itshouldbelistedunder“PhysicalAddress”onyournetworkadapters.Nowtypethecommandarp–aandpressENTER.Whatinformationdoesthisdisplay?CanyoufindtheMACaddressofyourdefaultgateway?
Maintainingalistofeverylocalsystem’sMACaddressisbothcostlyandtimeconsuming,andalthoughasystemmaystoreMACaddressestemporarilyforconvenience,inmanycasesthesendermustfindthedestinationMACaddressbeforesendinganypackets.Tofindanothersystem’sMACaddress,theAddressResolutionProtocol(ARP)isused.Essentially,thisisthecomputer’swayoffindingout“whoownstheblueconvertiblewithlicensenumber123JAK.”Inmostcases,systemsknowtheIPaddresstheywishtosendto,butnottheMACaddress.UsinganARPrequest,thesendingsystemwillsendoutaquery:Whois10.1.1.140?Thisbroadcastqueryisexaminedbyeverysystemonthelocalnetwork,butonlythesystemwhoseIPaddressis10.1.1.140willrespond.Thatsystemwillsendbackaresponsethatsays“I’m10.1.1.140andmyMACaddressis00:07:e9:7c:c8:aa.”Thesendingsystemwillthenformatthepacketfordeliveryanddropitonthenetworkmedia,stampedwiththeMACaddressofthedestinationworkstation.
MACaddressescanbe“spoofed”orfaked.Someoperatingsystemsallowuserswithadministrator-levelprivilegestoexplicitlysettheMACaddressfortheirnetworkcard(s).Forexample,inLinuxoperatingsystemsyoucanusetheifconfigcommandtochangeanetworkadapter’sMACaddress.Thecommandifconfigeth0hwether00:07:e9:7c:c8:aawillsettheMACaddressofadaptereth0to00:07:e9:7c:c8:aa.TherearealsoanumberofsoftwareutilitiesthatallowyoutodothisthroughaGUI,suchastheGNUMACChanger.GUIutilitiestochangeMACaddressesonWindowssystemsarealsoavailable.
CrossCheckMandatoryAccessControlvs.MediaAccessControlInChapter2youlearnedaboutadifferentMAC—mandatoryaccesscontrol.WhatisthedifferencebetweenmandatoryaccesscontrolandMediaAccessControl?Whatiseachusedfor?Whenusingacronymsitcanbecriticaltoensureallpartiesareawareofthecontextoftheirusage.
ARPAttacksARPoperatesinasimplisticandefficientmanner—abroadcastrequestfollowedbyaunicastreply.ThismethodleavesARPopentoattack,whichinturncanresultinlossesofintegrity,confidentiality,andavailability.BecauseARPservestoestablishcommunicationchannels,failuresatthislevelcanleadtosignificantsystemcompromises.ThereisawiderangeofARP-specificattacks,butonecanclassifythemintotypesbasedoneffect.
TechTip
RogueDeviceDetectionThereisalwaysariskofarogue(unauthorized)devicebeinginsertedintothenetwork.Todetectwhenthishappens,maintainingalistofallauthorizedMACaddressescanhelpdetectthesedevices.AlthoughMACscanbecopiedandspoofed,thiswouldalsosetupaconflictif
theoriginaldevicewaspresent.Monitoringfortheseconditionscandetecttheinsertionofaroguedevice.
ARPcanbeavectoremployedtoachieveaman-in-the-middleattack.Therearemanyspecificwaystocreatefalseentriesinamachine’sARPcache,buttheeffectisthesame:communicationswillberoutedtoanattacker.ThistypeofattackiscalledARPpoisoning.Theattackercanusethismethodtoinjecthimselfintothemiddleofacommunication,hijackasession,snifftraffictoobtainpasswordsorothersensitiveitems,orblocktheflowofdata,creatingadenialofservice.AlthoughARPisnotsecure,allisnotlostwithmanyARP-based
attacks.Higher-levelpacketprotectionssuchasIPseccanbeemployedsothatthepacketsareunreadablebyinterlopers.ThisisoneofthesecuritygainsassociatedwithIPv6,becausewhensecurityisemployedattheIPseclevel,packetsareprotectedbelowtheIPlevel,makingLayer2attackslesssuccessful.
RemotePacketDeliveryWhilepacketdeliveryonaLANisusuallyaccomplishedwithMACaddresses,packetdeliverytoadistantsystemisusuallyaccomplishedusingInternetProtocol(IP)addresses.IPaddressesare32-bitnumbersthatusuallyareexpressedasagroupoffournumbers(suchas10.1.1.132).Inordertosendapackettoaspecificsystemontheothersideoftheworld,youhavetoknowtheremotesystem’sIPaddress.StoringlargenumbersofIPaddressesoneveryPCisfartoocostly,andmosthumansarenotgoodatrememberingcollectionsofnumbers.However,humansaregoodatrememberingnames,sotheDomainNameSystem(DNS)protocolwascreated.
DNSDNStranslatesnamesintoIPaddresses.Whenyouenterthenameofyourfavoritewebsiteintothelocationbarofyourwebbrowserandpress
ENTER,thecomputerhastofigureoutwhatIPaddressbelongstothatname.YourcomputertakestheenterednameandsendsaquerytoalocalDNSserver.Essentially,yourcomputeraskstheDNSserver,“WhatIPaddressgoeswithwww.myfavoritesite.com?”TheDNSserver,whosemainpurposeinlifeistohandleDNSqueries,looksinitslocalrecordstoseeifitknowstheanswer.Ifitdoesn’t,theDNSserverqueriesanother,higher-leveldomainserver.Thatserverchecksitsrecordsandqueriestheserveraboveit,andsoonuntilamatchisfound.Thatname-to−IPaddressmatchingispassedbackdowntoyourcomputersoitcancreatethewebrequest,stampitwiththerightdestinationIPaddress,andsendit.
TheDomainNameSystemiscriticaltotheoperationoftheInternet—ifyourcomputercan’ttranslatewww.espn.cominto68.71.212.159,thenyourwebbrowserwon’tbeabletoaccessthelatestscores.(AsDNSisadynamicsystem,theIPaddressmaychangeforwww.espn.com;youcancheckwiththetracertcommand.)
Beforesendingthepacket,yoursystemwillfirstdetermineifthedestinationIPaddressisonalocalorremotenetwork.Inmostcases,itwillbeonaremotenetworkandyoursystemwillnotknowhowtoreachthatremotenetwork.Again,itwouldnotbepracticalforyoursystemtoknowhowtodirectlyreacheveryothersystemontheInternet,soyoursystemwillforwardthepackettoanetworkgateway.Networkgateways,usuallycalledrouters,aredevicesthatareusedtointerconnectnetworksandmovepacketsfromonenetworktoanother.ThatprocessofmovingpacketsfromonenetworktoanotheriscalledroutingandiscriticaltotheflowofinformationacrosstheInternet.Toaccomplishthistask,routersuseforwardingtablestodeterminewhereapacketshouldgo.Whenapacketreachesarouter,therouterlooksatthedestinationaddresstodeterminewheretosendthepacket.Iftherouter’sforwardingtablesindicatewherethepacketshouldgo,theroutersendsthepacketoutalongtheappropriateroute.Iftherouterdoesnotknowwherethedestinationnetworkis,itforwardsthepackettoitsdefinedgateway,whichrepeatsthe
sameprocess.Eventually,aftertraversingvariousnetworksandbeingpassedthroughvariousrouters,yourpacketarrivesattherouterservingthenetworkwiththewebsiteyouaretryingtoreach.ThisrouterdeterminestheappropriateMACaddressofthedestinationsystemandforwardsthepacketaccordingly.
DNSSECBecauseofthecriticalfunctionDNSperformsandthesecurityimplicationsofDNS,acryptographicallysignedversionofDNSwascreated.DNSSECisanextensionoftheoriginalDNSspecification,makingittrustworthy.DNSisoneofthepillarsofauthorityassociatedwiththeInternet—itprovidestheaddressesusedbymachinesforcommunications.LackoftrustinDNSandtheinabilitytoauthenticateDNSmessagesdrovetheneedforandcreationofDNSSEC.TheDNSSECspecificationwasformallypublishedin2005,butsystem-wideadoptionhasbeenslow.In2008,DanKaminskyintroducedamethodofDNScachepoisoning,demonstratingtheneedforDNSSECadoption.AlthoughKaminskyworkedwithvirtuallyallmajorvendorsandwasbehindoneofthemostcoordinatedpatchrolloutsever,theneedforDNSSECstillremainsandenterprisesareslowtoadoptthenewmethods.Oneofthereasonsforslowadoptioniscomplexity.HavingDNSrequestsandrepliesdigitallysignedrequiressignificantlymoreworkandtheincreaseincomplexitygoesagainstthestabilitydesiresofnetworkengineers.DNSwasdesignedinthe1980swhenthethreatmodelwassubstantially
differentthantoday.TheInternettoday,anditsuseforallkindsofcriticalcommunications,needsatrustworthyaddressingmechanism.DNSSECisthatmechanism,andasitrollsout,itwillsignificantlyincreasetheleveloftrustassociatedwithaddresses.Althoughcertificate-baseddigitalsignaturesarenotperfect,thelevelofefforttocompromisethistypeofprotectionmechanismchangesthenatureoftheattackgame,makingitoutofreachtoallbutthemostresourcedplayers.ThecouplednatureofthetrustchainsinDNSalsoservestoalerttoanyinterveningattacks,makingattacksmuchhardertohide.
IPAddressesandSubnettingThelastsectionmentionedthatIPv4addressesare32-bitnumbers.Those32bitsarerepresentedasfourgroupsof8bitseach(calledoctets).YouwillusuallyseeIPaddressesexpressedasfoursetsofdecimalnumbersindotted-decimalnotation,10.120.102.15forexample.Ofthose32bitsinanIPaddress,someareusedforthenetworkportionoftheaddress(thenetworkID),andsomeareusedforthehostportionoftheaddress(thehostID).Subnettingistheprocessthatisusedtodividethose32bitsinanIPaddressandtellyouhowmanyofthe32bitsarebeingusedforthenetworkIDandhowmanyarebeingusedforthehostID.Asyoucanguess,whereandhowyoudividethe32bitsdetermineshowmanynetworksandhowmanyhostaddressesyoumayhave.Tointerpretthe32-bitspacecorrectly,wemustuseasubnetmask,whichtellsusexactlyhowmuchofthespaceisthenetworkportionandhowmuchisthehostportion.Let’slookatanexampleusingtheIPaddress10.10.10.101withasubnetmaskof255.255.255.0.
TechTip
HowDNSWorksDNSisahierarchicaldistributeddatabasestructureofnamesandaddresses.ThissystemisdelegatedfromrootserverstootherDNSserversthateachmanagelocalrequestsforinformation.Thetoplevelofauthorities,referredtoasauthoritativesources,maintainthecorrectauthoritativerecord.Asrecordschange,theyarepushedoutbetweenDNSservers,sorecordscanbemaintainedinasnearacurrentfashionaspossible.TransfersofDNSrecordsbetweenDNSserversarecalledDNSzonetransfers.Becausethesecanresultinmassivepoisoningattacks,zonetransfersneedtobetightlycontrolledbetweentrustedparties.Toavoidrequestcongestion,DNSresponsesarehandledbyamyriadoflowernameservers,referredtoasresolvers.Resolvershaveacounterthatrefreshestheirrecordafteratimelimithasbeenreached.Undernormaloperation,theDNSfunctionisatwo-stepprocess:
1.TheclientrequestsaDNSrecord.2.TheresolverreplieswithaDNSreply.
Iftheresolverisoutofdate,thestepsexpand:
1.TheclientrequestsaDNSrecord.2.Therecursiveresolverqueriestheauthoritativeserver.3.Theauthoritativeserverrepliestotherecursiveresolver.4.TherecursiveresolverreplieswithaDNSresponsetoclient.ForamoredetailedexplanationofDNS,checkoutDNSforRocketScientists,www.zytrax.com/books/dns/.
Firstwemustconverttheaddressandsubnetmasktotheirbinaryrepresentations:
SubnetMask:11111111.11111111.11111111.00000000IPAddress:00001010.00001010.00001010.01100101
Then,weperformabitwiseANDoperationtogetthenetworkaddress.ThebitwiseANDoperationexamineseachsetofmatchingbitsfromthebinaryrepresentationofthesubnetmaskandthebinaryrepresentationoftheIPaddress.Foreachsetwhereboththemaskandaddressbitsare1,theresultoftheANDoperationisa1.Otherwise,ifeitherbitisa0,theresultisa0.So,forourexampleweget
NetworkAddress:00001010.00001010.00001010.00000000
whichindecimalis10.10.10.0,thenetworkIDofourIPnetworkaddress(translatethebinaryrepresentationtodecimal).ThenetworkIDandsubnetmasktogethertellusthatthefirstthree
octetsofouraddressarenetwork-related(10.10.10.),whichmeansthatthelastoctetofouraddressisthehostportion(101inthiscase).Inourexample,thenetworkportionoftheaddressis10.10.10andthehostportionis101.Anothershortcutinidentifyingwhichofthe32bitsisbeingusedinthenetworkIDistolookatthesubnetmaskafterit’sbeenconvertedtoitsbinaryrepresentation.Ifthere’sa1inthesubnetmask,thenthecorrespondingbitinthebinaryrepresentationoftheIPaddressisbeingusedaspartofthenetworkID.Intheprecedingexample,thesubnetmaskof255.255.255.0inbinaryrepresentationis11111111.11111111.11111111.00000000.Wecanseethatthere’sa1inthefirst24spots,whichmeansthatthefirst24bitsoftheIPaddressare
beingusedasthenetworkID(whichisthefirstthreeoctetsof255.255.255).Networkaddressspacesareusuallydividedintooneofthreeclasses:
ClassASupports16,777,214hostsoneachnetworkwithadefaultsubnetmaskof255.0.0.0Subnets:0.0.0.0to126.255.255.255(127.0.0.0to127.255.255.255isreservedforloopback)
ClassBSupports65,534hostsoneachnetworkwithadefaultsubnetmaskof255.255.0.0Subnets:128.0.0.0to191.255.255.255
ClassCSupports253hostsoneachnetworkwithadefaultsubnetmaskof255.255.255.0(seeFigure9.10)Subnets:192.0.0.0to223.255.255.255
•Figure9.10Asubnetmaskof255.255.255.0indicatesthisisaClassCaddressspace.
Everythingabove224.0.0.0isreservedforeithermulticastingorfutureuse.
TechTip
RFC1918—PrivateAddressSpacesRFC1918isthetechnicalspecificationforprivateaddressspace.RFCstandsfor“RequestforComment”andthereareRFCsforjustabouteverythingtodowiththeInternet—protocols,routing,howtohandlee-mail,andsoon.YoucanfindRFCsatwww.ietf.org/rfc.html.
Inaddition,certainsubnetsarereservedforprivateuseandarenotroutedacrosspublicnetworkssuchastheInternet:
10.0.0.0to10.255.255.255
172.16.0.0to172.31.255.255
192.168.0.0to192.168.255.255
169.254.0.0to169.254.255.255(AutomaticPrivateIPAddressing)
Finally,whendeterminingthevalidhoststhatcanbeplacedonaparticularsubnet,youhavetokeepinmindthatthe“all0’s”addressofthehostportionisreservedforthenetworkaddressandthe“all1’s”addressofthehostportionisreservedforthebroadcastaddressofthatparticularsubnet.Againfromourearlierexample:
SubnetNetworkAddress:10.10.10.000001010.00001010.00001010.00000000
BroadcastAddress:10.10.10.25500001010.00001010.00001010.11111111
Intheirforwardingtables,routersmaintainlistsofnetworksandtheaccompanyingsubnetmask.Withthesetwopieces,theroutercanexamine
thedestinationaddressofeachpacketandthenforwardthepacketontotheappropriatedestination.Asmentionedearlier,subnettingallowsustodividenetworksinto
smallerlogicalunits,andweusesubnetmaskstodothis.Buthowdoesthiswork?RememberthatthesubnetmasktellsushowmanybitsarebeingusedtodescribethenetworkID—adjustingthesubnetmask(andthenumberofbitsusedtodescribethenetworkID)allowsustodivideanaddressspaceintomultiple,smallerlogicalnetworks.Let’ssayyouhaveasingleaddressspaceof192.168.45.0thatyouneedtodivideintomultiplenetworks.Thedefaultsubnetmaskis255.255.255.0,whichmeansyou’reusing24bitsasthenetworkIDand8bitsasthehostID.Thisgivesyou254differenthostaddresses.Butwhatifyouneedmorenetworksanddon’tneedasmanyhostaddresses?Youcansimplyadjustyoursubnetmasktoborrowsomeofthehostbitsandusethemasnetworkbits.Ifyouuseasubnetmaskof255.255.255.224,youareessentially“borrowing”thefirst3bitsfromthespaceyouwereusingtodescribehostIDsandusingthemtodescribethenetworkID.ThisgivesyoumorespacetocreatedifferentnetworksbutmeansthateachnetworkwillnowhavefeweravailablehostIDs.Witha255.255.255.224subnetmask,youcancreatesixdifferentsubnets,buteachsubnetcanonlyhave30uniquehostIDs.Ifyouborrow6bitsfromthehostIDportionanduseasubnetmaskof255.255.255.252,youcancreate62differentnetworksbuteachofthemcanonlyhavetwouniquehostIDs.
TryThis!CalculatingSubnetsandHostsGivenanetworkIDof192.168.10.Xandasubnetmaskof255.255.255.224,youshouldbeabletocreateeightnetworkswithspacefor30hostsoneachnetwork.Calculatethenetworkaddress,thefirstusableIPaddressinthatsubnet,andthelastusableIPaddressinthatsubnet.Hint:Thefirstnetworkwillbe192.168.10.0.ThefirstusableIPaddressinthatsubnetis192.168.10.1andthelastusableIPaddressinthatsubnetis192.168.10.30.
TechTip
DynamicHostConfigurationProtocolWhenanadministratorsetsupanetwork,theyusuallyassignIPaddressestosystemsinoneoftwoways:staticallyorthroughDHCP.AstaticIPaddressassignmentisfairlysimple;theadministratordecideswhatIPaddresstoassigntoaserverorPC,andthatIPaddressstaysassignedtothatsystemuntiltheadministratordecidestochangeit.TheotherpopularmethodisthroughtheDynamicHostConfigurationProtocol(DHCP).UnderDHCP,whenasystembootsuporisconnectedtothenetwork,itsendsoutaquerylookingforaDHCPserver.IfaDHCPserverisavailableonthenetwork,itanswersthenewsystemandtemporarilyassignstothenewsystemanIPaddressfromapoolofdedicated,availableaddresses.DHCPisan“asavailable”protocol—iftheserverhasalreadyallocatedalltheavailableIPaddressesintheDHCPpool,thenewsystemwillnotreceiveanIPaddressandwillnotbeabletoconnecttothenetwork.AnotherkeyfeatureofDHCPistheabilitytolimithowlongasystemmaykeepitsDHCP-assignedIPaddress.DHCPaddresseshavealimitedlifespan,andoncethattimeperiodexpires,thesystemusingthatIPaddressmusteitherrenewuseofthataddressorrequestanotheraddressfromtheDHCPserver.TherequestingsystemeithermayendupwiththesameIPaddressormaybeassignedacompletelynewaddress,dependingonhowtheDHCPserverisconfiguredandonthecurrentdemandforavailableaddresses.DHCPisverypopularinlargeuserenvironmentswherethecostofassigningandtrackingIPaddressesamonghundredsorthousandsofusersystemsisextremelyhigh.
NetworkAddressTranslationIfyou’rethinkingthata32-bitaddressspacethat’schoppedupandsubnettedisn’tenoughtohandleallthesystemsintheworld,you’reright.WhileIPv4addressblocksareassignedtoorganizationssuchascompaniesanduniversities,thereusuallyaren’tenoughInternet-visibleIPaddressestoassigntoeverysystemontheplanetaunique,Internet-routableIPaddress.TocompensateforthislackofavailableIPaddressspace,weuseNetworkAddressTranslation(NAT).NATtranslatesprivate(nonroutable)IPaddressesintopublic(routable)IPaddresses.Fromourdiscussionsearlierinthischapter,youmayrememberthat
certainIPaddressblocksarereservedfor“privateuse,”andyou’dprobablyagreethatnoteverysysteminanorganizationneedsadirect,Internet-routableIPaddress.Actually,forsecurityreasons,it’smuch
betterifmostofanorganization’ssystemsarehiddenfromdirectInternetaccess.MostorganizationsbuildtheirinternalnetworksusingtheprivateIPaddressranges(suchas10.1.1.X)topreventoutsidersfromdirectlyaccessingthoseinternalnetworks.However,inmanycasesthosesystemsstillneedtobeabletoreachtheInternet.ThisisaccomplishedbyusingaNATdevice(typicallyafirewallorrouter)thattranslatesthemanyinternalIPaddressesintooneofasmallnumberofpublicIPaddresses.Forexample,considerafictitiouscompany,ACME.com.ACMEhas
severalthousandinternalsystemsusingprivateIPaddressesinthe10.X.X.Xrange.ToallowthoseIPstocommunicatewiththeoutsideworld,ACMEleasesanInternetconnectionandafewpublicIPaddresses,anddeploysaNAT-capabledevice.ACMEadministratorsconfigurealltheirinternalhoststousetheNATdeviceastheirdefaultgateway.Wheninternalhostsneedtosendpacketsoutsidethecompany,theysendthemtotheNATdevice.TheNATdeviceremovestheinternalsourceIPaddressoutoftheoutboundpacketsandreplacesitwiththeNATdevice’spublic,routableaddressandsendsthemontheirway.Whenresponsepacketsarereceivedfromoutsidesources,thedeviceperformsNATinreverse,strippingofftheexternal,publicIPaddressinthedestinationaddressfieldandreplacingitwiththecorrectinternal,privateIPaddressinthedestinationaddressfieldandreplacingitwiththecorrectinternal,privateIPaddressbeforesendingitonintotheprivateACME.comnetwork.Figure9.11illustratesthisNATprocess.
•Figure9.11LogicaldepictionofNAT
TechTip
DifferentApproachesforImplementingNATWhiletheconceptofNATremainsthesame,thereareactuallyseveraldifferentapproachestoimplementingNAT.Forexample:
StaticNATMapsaninternal,privateaddresstoanexternal,publicaddress.Thesamepublicaddressisalwaysusedforthatprivateaddress.Thistechniqueisoftenusedwhenhostingsomethingyouwishthepublictobeabletogetto,suchasawebserver,behindafirewall.
DynamicNATMapsaninternal,privateIPaddresstoapublicIPaddressselectedfromapoolofregistered(public)IPaddresses.Thistechniqueisoftenusedwhentranslatingaddressesforend-userworkstationsandtheNATdevicemustkeeptrackofinternal/externaladdressmappings.
PortAddressTranslation(PAT)Allowsmanydifferentinternal,privateaddressestoshareasingleexternalIPaddress.DevicesperformingPATreplacethesourceIPaddress
withtheNATIPaddressandreplacethesourceportfieldwithaportfromanavailableconnectionpool.PATdeviceskeepatranslationtabletotrackwhichinternalhostsareusingwhichportssothatsubsequentpacketscanbestampedwiththesameportnumber.Whenresponsepacketsarereceived,thePATdevicereversestheprocessandforwardsthepackettothecorrectinternalhost.PATisaverypopularNATtechniqueandinuseatmanyorganizations.
InFigure9.11,weseeanexampleofNATbeingperformed.Aninternalworkstation(10.10.10.12)wantstovisittheESPNwebsiteatwww.espn.com(68.71.212.159).WhenthepacketreachestheNATdevice,thedevicetranslatesthe10.10.10.12sourceaddresstothegloballyroutable63.69.110.110address,theIPaddressofthedevice’sexternallyvisibleinterface.WhentheESPNwebsiteresponds,itrespondstothedevice’saddressjustasiftheNATdevicehadoriginallyrequestedtheinformation.TheNATdevicemustthenrememberwhichinternalworkstationrequestedtheinformationandroutethepackettotheappropriatedestination.
SecurityZonesThefirstaspectofsecurityisalayereddefense.Justasacastlehasamoat,anoutsidewall,aninsidewall,andevenakeep,so,too,doesamodernsecurenetworkhavedifferentlayersofprotection.Differentzonesaredesignedtoprovidelayersofdefense,withtheoutermostlayersprovidingbasicprotectionandtheinnermostlayersprovidingthehighestlevelofprotection.Aconstantissueisthataccessibilitytendstobeinverselyrelatedtolevelofprotection,soitismoredifficulttoprovidecompleteprotectionandunfetteredaccessatthesametime.Trade-offsbetweenaccessandsecurityarehandledthroughzones,withsuccessivezonesguardedbyfirewallsenforcingever-increasinglystrictsecuritypolicies.TheoutermostzoneistheInternet,afreearea,beyondanyspecificcontrols.Betweentheinner,securecorporatenetworkandtheInternetisanareawheremachinesareconsideredatrisk.ThiszonehascometobecalledtheDMZ,afteritsmilitarycounterpart,thedemilitarizedzone,
whereneithersidehasanyspecificcontrols.Onceinsidetheinner,securenetwork,separatebranchesarefrequentlycarvedouttoprovidespecificfunctionality;underthisheading,wewillalsodiscussintranets,extranets,flatnetworks,enclaves,virtualLANs(VLANs),andzonesandconduits.
DMZTheDMZisamilitarytermforgroundseparatingtwoopposingforces,byagreementandforthepurposeofactingasabufferbetweenthetwosides.ADMZinacomputernetworkisusedinthesameway;itactsasabufferzonebetweentheInternet,wherenocontrolsexist,andtheinner,securenetwork,whereanorganizationhassecuritypoliciesinplace(seeFigure9.12).Todemarcatethezonesandenforceseparation,afirewallisusedoneachsideoftheDMZ.Theareabetweenthesefirewallsisaccessiblefromeithertheinner,securenetworkortheInternet.Figure9.12illustratesthesezonesascausedbyfirewallplacement.ThefirewallsarespecificallydesignedtopreventaccessacrosstheDMZdirectly,fromtheInternettotheinner,securenetwork.ItisimportanttonotethattypicallyonlyfilteredInternettrafficisallowedintotheDMZ.Forexample,anorganizationhostingawebserverandanFTPserverinitsDMZmaywantthepublictobeableto“see”thoseservicesbutnothingelse.InthatcasethefirewallmayallowFTP,HTTP,andHTTPStrafficintotheDMZfromtheInternetandthenfilterouteverythingelse.
•Figure9.12TheDMZandzonesoftrust
SpecialattentionshouldbepaidtothesecuritysettingsofnetworkdevicesplacedintheDMZ,andtheyshouldbeconsideredatalltimestobeatriskforcompromisebyunauthorizeduse.Acommonindustryterm,hardenedoperatingsystem,appliestomachineswhosefunctionalityislockeddowntopreservesecurity—unnecessaryservicesandsoftwareareremovedordisabled,functionsarelimited,andsoon.ThisapproachneedstobeappliedtothemachinesintheDMZ,andalthoughitmeansthattheirfunctionalityislimited,suchprecautionsensurethatthemachineswillworkproperlyinaless-secureenvironment.Manytypesofserversbelonginthisarea,includingwebserversthatare
servingcontenttoInternetusers,aswellasremoteaccessserversandexternale-mailservers.Ingeneral,anyserverdirectlyaccessedfromtheoutside,untrustedInternetzoneneedstobeintheDMZ.OtherserversshouldnotbeplacedintheDMZ.Domainnameserversforyourinner,
trustednetworkanddatabaseserversthathousecorporatedatabasesshouldnotbeaccessiblefromtheoutside.Applicationservers,fileservers,printservers—allofthestandardserversusedinthetrustednetwork—shouldbebehindbothfirewallsandtheroutersandswitchesusedtoconnectthesemachines.TheideabehindtheuseoftheDMZtopologyistoprovidepublicly
visibleserviceswithoutallowinguntrustedusersaccesstoyourinternalnetwork.Iftheoutsideusermakesarequestforaresourcefromthetrustednetwork,suchasadataelementfromaninternaldatabasethatisaccessedviaapubliclyvisiblewebpageintheDMZ,thenthisrequestneedstofollowthisscenario:
1.Auserfromtheuntrustednetwork(theInternet)requestsdataviaawebpagefromawebserverintheDMZ.
2.ThewebserverintheDMZrequeststhedatafromtheapplicationserver,whichcanbeintheDMZorintheinner,trustednetwork.
3.Theapplicationserverrequeststhedatafromthedatabaseserverinthetrustednetwork.
4.Thedatabaseserverreturnsthedatatotherequestingapplicationserver.
5.Theapplicationserverreturnsthedatatotherequestingwebserver.6.Thewebserverreturnsthedatatotherequestinguserfromthe
untrustednetwork.
ExamTip:DMZsactasabufferzonebetweenunprotectedareasofanetwork(theInternet)andprotectedareas(sensitivecompanydatastores),allowingforthemonitoringandregulationoftrafficbetweenthesetwozones.
Thisseparationaccomplishestwospecific,independenttasks.First,theuserisseparatedfromtherequestfordataonasecurenetwork.Byhaving
intermediariesdotherequesting,thislayeredapproachallowssignificantsecuritylevelstobeenforced.Usersdonothavedirectaccessorcontrolovertheirrequests,andthisfilteringprocesscanputcontrolsinplace.Second,scalabilityismoreeasilyrealized.Themultiple-serversolutioncanbemadetobeveryscalable,literallytomillionsofusers,withoutslowingdownanyparticularlayer.
InternetTheInternetisaworldwideconnectionofnetworksandisusedtotransporte-mail,files,financialrecords,remoteaccess—younameit—fromonenetworktoanother.TheInternetisnotasinglenetwork,butaseriesofinterconnectednetworksthatallowsprotocolstooperateandenabledatatoflowacrossit.Thismeansthatevenifyournetworkdoesn’thavedirectcontactwitharesource,aslongasaneighbor,oraneighbor’sneighbor,andsoon,cangetthere,socanyou.Thislargeweballowsusersalmostinfiniteabilitytocommunicatebetweensystems.
Thereareover3.2billionusersontheInternet,andEnglishisthemostusedlanguage.
Becauseeverythingandeveryonecanaccessthisinterconnectedwebanditisoutsideofyourcontrolandabilitytoenforcesecuritypolicies,theInternetshouldbeconsideredanuntrustednetwork.AfirewallshouldexistatanyconnectionbetweenyourtrustednetworkandtheInternet.ThisisnottoimplythattheInternetisabadthing—itisagreatresourceforallnetworksandaddssignificantfunctionalitytoourcomputingenvironments.ThetermWorldWideWeb(WWW)isfrequentlyusedsynonymously
torepresenttheInternet,buttheWWWisactuallyjustonesetofservicesavailableviatheInternet.WWWor“theWeb”ismorespecificallytheHypertextTransferProtocol(HTTP)–basedservicesthataremade
availableovertheInternet.Thiscanincludeavarietyofactualservicesandcontent,includingtextfiles,pictures,streamingaudioandvideo,andevenvirusesandworms.
IntranetAnintranetdescribesanetworkthathasthesamefunctionalityastheInternetforusersbutliescompletelyinsidethetrustedareaofanetworkandisunderthesecuritycontrolofthesystemandnetworkadministrators.Typicallyreferredtoascampusorcorporatenetworks,intranetsareusedeverydayincompaniesaroundtheworld.Anintranetallowsadeveloperandauserthefullsetofprotocols—HTTP,FTP,instantmessaging,andsoon—thatisofferedontheInternet,butwiththeaddedadvantageoftrustfromthenetworksecurity.ContentonintranetwebserversisnotavailableovertheInternettountrustedusers.Thislayerofsecurityoffersasignificantamountofcontrolandregulation,allowinguserstofulfillbusinessfunctionalitywhileensuringsecurity.Twomethodscanbeusedtomakeinformationavailabletooutside
users:DuplicationofinformationontomachinesintheDMZcanmakeitavailabletootherusers.Propersecuritychecksandcontrolsshouldbemadepriortoduplicatingthematerialtoensuresecuritypoliciesconcerningspecificdataavailabilityarebeingfollowed.Alternatively,extranets(discussedinthenextsection)canbeusedtopublishmaterialtotrustedpartners.
ExamTip:Anintranetisaprivate,internalnetworkthatusescommonnetworktechnologies(suchasHTTP,FTP,andsoon)toshareinformationandprovideresourcestoorganizationalusers.
ShouldusersinsidetheintranetrequireaccesstoinformationfromtheInternet,aproxyservercanbeusedtomasktherequestor’slocation.This
helpssecuretheintranetfromoutsidemappingofitsactualtopology.AllInternetrequestsgototheproxyserver.Ifarequestpassesfilteringrequirements,theproxyserver,assumingitisalsoacacheserver,looksinitslocalcacheofpreviouslydownloadedwebpages.Ifitfindsthepageinitscache,itreturnsthepagetotherequestorwithoutneedingtosendtherequesttotheInternet.Ifthepageisnotinthecache,theproxyserver,actingasaclientonbehalfoftheuser,usesoneofitsownIPaddressestorequestthepagefromtheInternet.Whenthepageisreturned,theproxyserverrelatesittotheoriginalrequestandforwardsitontotheuser.Thismaskstheuser’sIPaddressfromtheInternet.Proxyserverscanperformseveralfunctionsforafirm;forexample,theycanmonitortrafficrequests,eliminatingimproperrequestssuchasinappropriatecontentforwork.Theycanalsoactasacacheserver,cuttingdownonoutsidenetworkrequestsforthesameobject.Finally,proxyserversprotecttheidentityofinternalIPaddressesusingNAT,althoughthisfunctioncanalsobeaccomplishedthrougharouterorfirewallusingNATaswell.
ExtranetAnextranetisanextensionofaselectedportionofacompany’sintranettoexternalpartners.Thisallowsabusinesstoshareinformationwithcustomers,suppliers,partners,andothertrustedgroupswhileusingacommonsetofInternetprotocolstofacilitateoperations.Extranetscanusepublicnetworkstoextendtheirreachbeyondacompany’sowninternalnetwork,andsomeformofsecurity,typicallyVPN,isusedtosecurethischannel.Theuseofthetermextranetimpliesbothprivacyandsecurity.Privacyisrequiredformanycommunications,andsecurityisneededtopreventunauthorizeduseandeventsfromoccurring.Bothofthesefunctionscanbeachievedthroughtheuseoftechnologiesdescribedinthischapterandotherchaptersinthisbook.Properfirewallmanagement,remoteaccess,encryption,authentication,andsecuretunnelsacrosspublicnetworksareallmethodsusedtoensureprivacyandsecurityforextranets.
ExamTip:Anextranetisasemiprivatenetworkthatusescommonnetworktechnologies(suchasHTTP,FTP,andsoon)toshareinformationandprovideresourcestobusinesspartners.Extranetscanbeaccessedbymorethanonecompany,becausetheyshareinformationbetweenorganizations.
FlatNetworksAsnetworkshavebecomemorecomplex,withmultiplelayersoftiersandinterconnections,aproblemcanariseinconnectivity.OneofthelimitationsoftheSpanningTreeProtocol(STP)isitsinabilitytomanageLayer2trafficefficientlyacrosshighlycomplexnetworks.STPwascreatedtopreventloopsinLayer2networksandhasbeenimprovedtothecurrentversionofRapidSpanningTreeProtocol(RSTP).RSTPcreatesaspanningtreewithinthenetworkofLayer2switches,disablinglinksthatarenotpartofthespanningtree.RSTP,IEEE802.1w,providesamorerapidconvergencetoanewspanningtreesolutionaftertopologychangesaredetected.Theproblemwiththespanningtreealgorithmsisthatthenetworktrafficisinterruptedwhilethesystemrecalculatesandreconfigures.Thesedisruptionscancauseproblemsinnetworkefficienciesandhaveledtoapushforflatnetworkdesigns,whichavoidpacket-loopingissuesthroughanarchitecturethatdoesnothavetiers.Onenameassociatedwithflatnetworktopologiesisnetworkfabric,a
termmeanttodescribeaflat,depthlessnetwork.Thesearebecomingincreasinglypopularindatacenters,andotherareasofhightrafficdensity,astheycanofferincreasedthroughputandlowerlevelsofnetworkjitterandotherdisruptions.Whilethisisgoodforefficiencyofnetworkoperations,this“everyonecantalktoeveryone”ideaisproblematicwithrespecttosecurity.
Enclaves
Modernnetworks,withtheirincreasinglycomplexconnections,resultinsystemswherenavigationcanbecomecomplexbetweennodes.JustasaDMZ-basedarchitectureallowsfordifferinglevelsoftrust,theisolationofspecificpiecesofthenetworkusingsecurityrulescanprovidedifferingtrustenvironments.Theconceptofbreakinganetworkintoenclavescancreateareasoftrustwherespecialprotectionscanbeemployedandtrafficfromoutsidetheenclaveislimitedorproperlyscreenedbeforeadmission.Enclavesarenotdiametricallyopposedtotheconceptofaflatnetwork
structure;theyarejustcarved-outareas,likegatedneighborhoods,whereoneneedsspecialcredentialstoenter.Avarietyofsecuritymechanismscanbeemployedtocreateasecureenclave.Layer2addressing(subnetting)canbeemployed,makingdirectaddressabilityanissue.Firewalls,routers,andapplication-levelproxiescanbeemployedtoscreenpacketsbeforeentryorexitfromtheenclave.Eventhepeoplesideofthesystemcanberestrictedthroughtheuseofaspecialsetofsysadminstomanagethesystems.Enclavesareanimportanttoolinmodernsecurenetworkdesign.Figure
9.13showsanetworkdesignwithastandardtwo-firewallimplementationofaDMZ.Ontheinternalsideofthenetwork,multiplefirewallscanbeseen,carvingoffindividualsecurityenclaves,zoneswherethesamesecurityrulesapply.Commonenclavesincludethoseforhigh-securitydatabases,low-securityusers(callcenters),public-facingkiosks,andthemanagementinterfacestoserversandnetworkdevices.Havingeachoftheseinitsownzoneprovidesformoresecuritycontrol.Onthemanagementlayer,usinganonroutableIPaddressschemeforalloftheinterfacespreventsthemfrombeingdirectlyaccessedfromtheInternet.
•Figure9.13Secureenclaves
VLANsALANisasetofdeviceswithsimilarfunctionalityandsimilarcommunicationneeds,typicallyco-locatedandoperatedoffasingleswitch.Thisisthelowestlevelofanetworkhierarchyanddefinesthedomainforcertainprotocolsatthedatalinklayerforcommunication.AvirtualLAN(VLAN)isalogicalimplementationofaLANandallowscomputersconnectedtodifferentphysicalnetworkstoactandcommunicateasiftheywereonthesamephysicalnetwork.AVLANhasmanyofthesamecharacteristicattributesofaLANandbehavesmuchlikeaphysicalLANbutisimplementedusingswitchesandsoftware.Thisverypowerfultechniqueallowssignificantnetworkflexibility,scalability,andperformanceandallowsadministratorstoperformnetworkreconfigurationswithouthavingtophysicallyrelocateorrecablesystems.
ExamTip:Abroadcastdomainisalogicaldivisionofacomputernetwork.Systemsconnectedtoabroadcastdomaincancommunicatewitheachotherasiftheywereconnectedtothesamephysicalnetworkevenwhentheyarenot.
TrunkingTrunkingistheprocessofspanningasingleVLANacrossmultipleswitches.Atrunk-basedconnectionbetweenswitchesallowspacketsfromasingleVLANtotravelbetweenswitches,asshowninFigure9.14.Twotrunksareshowninthefigure:VLAN10isimplementedwithonetrunkandVLAN20isimplementedwiththeother.HostsondifferentVLANscannotcommunicateusingtrunksandthusareswitchedacrosstheswitchnetwork.TrunksenablenetworkadministratorstosetupVLANsacrossmultipleswitcheswithminimaleffort.WithacombinationoftrunksandVLANs,networkadministratorscansubnetanetworkbyuserfunctionalitywithoutregardtohostlocationonthenetworkortheneedtorecablemachines.
•Figure9.14VLANsandtrunks
SecurityImplicationsVLANsareusedtodivideasinglenetworkintomultiplesubnetsbasedonfunctionality.Thispermitsaccountingandmarketing,forexample,toshareaswitchbecauseofproximityyetstillhaveseparatetrafficdomains.Thephysicalplacementofequipmentandcablesislogicallyandprogrammaticallyseparatedsothatadjacentportsonaswitchcanreferenceseparatesubnets.Thispreventsunauthorizeduseofphysically
closedevicesthroughseparatesubnetsthatareonthesameequipment.VLANsalsoallowanetworkadministratortodefineaVLANthathasnousersandmapalloftheunusedportstothisVLAN(somemanagedswitchesallowadministratorstosimplydisableunusedportsaswell).Then,ifanunauthorizedusershouldgainaccesstotheequipment,thatuserwillbeunabletouseunusedports,asthoseportswillbesecurelydefinedtonothing.BothapurposeandasecuritystrengthofVLANsisthatsystemsonseparateVLANscannotdirectlycommunicatewitheachother.
TrunksandVLANshavesecurityimplicationsthatyouneedtoheedsothatfirewallsandothersegmentationdevicesarenotbreachedthroughtheiruse.YoualsoneedtounderstandhowtousetrunksandVLANs,topreventanunauthorizeduserfromreconfiguringthemtogainundetectedaccesstosecureportionsofanetwork.
ZonesandConduitsThetermszonesandconduitshavespecializedmeaningincontrolsystemnetworks.Controlsystemsarethecomputersusedtocontrolphysicalprocesses,rangingfromtrafficlightstorefineries,manufacturingplants,criticalinfrastructure,andmore.ThesenetworksarenowbeingattachedtoenterprisenetworksandthiswillresultintheinclusionofcontrolsystemnetworkterminologyintoIT/network/securityoperationsterminology.Atermcommonlyusedincontrolsystemnetworksiszone.Azoneisagroupingofelementsthatsharecommonsecurityrequirements.Aconduitisdefinedasthepathfortheflowofdatabetweenzones.Zonesaresimilartoenclavesinthattheyhaveadefinedsetofcommon
securityrequirementsthatdifferfromoutsidethezone.Thezoneismarkedonadiagram,indicatingtheboundarybetweenwhatisinandoutsidethezone.Alldataflowsinoroutofazonemustbebyadefinedconduit.Theconduitallowsameanstofocusthesecurityfunctiononthe
dataflows,ensuringtheappropriateconditionsaremetbeforedataentersorleavesazone.
TunnelingTunnelingisamethodofpackagingpacketssothattheycantraverseanetworkinasecure,confidentialmanner.Tunnelinginvolvesencapsulatingpacketswithinpackets,enablingdissimilarprotocolstocoexistinasinglecommunicationstream,asinIPtrafficroutedoveranAsynchronousTransferMode(ATM)network.Tunnelingalsocanprovidesignificantmeasuresofsecurityandconfidentialitythroughencryptionandencapsulationmethods.ThebestexampleofthisisaVPNthatisestablishedoverapublicnetworkthroughtheuseofatunnel,asshowninFigure9.15,connectingafirm’sBostonofficetoitsNewYorkCity(NYC)office.
•Figure9.15Tunnelingacrossapublicnetwork
Assume,forexample,thatacompanyhasmultiplelocationsanddecidestousethepublicInternettoconnectthenetworksattheselocations.Tomaketheseconnectionssecurefromoutsideunauthorizeduse,thecompanycanemployaVPNconnectionbetweenthedifferentnetworks.Oneachnetwork,anedgedevice,usuallyarouterorVPNconcentrator,connectstoanotheredgedeviceontheothernetwork.Then,usingIPsecprotocols,theseroutersestablishasecure,encryptedpathbetweenthem.
Thissecurelyencryptedsetofpacketscannotbereadbyoutsiderouters;onlytheaddressesoftheedgeroutersarevisible.ThisarrangementactsasatunnelacrossthepublicInternetandestablishesaprivateconnection,securefromoutsidesnoopingoruse.Becauseofeaseofuse,low-costhardware,andstrongsecurity,tunnels
andtheInternetareacombinationthatwillseemoreuseinthefuture.IPsec,VPN,andtunnelswillbecomeamajorsetoftoolsforusersrequiringsecurenetworkconnectionsacrosspublicsegmentsofnetworks.FormoreinformationonVPNsandremoteaccess,refertoChapter11.
AVPNconcentratorisaspecializedpieceofhardwaredesignedtohandletheencryptionanddecryptionrequiredforremote,secureaccesstoanorganization’snetwork.
StorageAreaNetworksStorageareanetworks(SANs)aresystemswhichprovideremotestorageofdataacrossanetworkconnection.ThedesignofSANprotocolsissuchthatthediskappearstoactuallybeontheclientmachineasalocaldriveratherthanasattachedstorage,asinnetworkattachedstorage(NAS).Thismakesthediskvisibleindiskandvolumemanagementutilitiesandallowstheirfunctionality.CommonSANprotocolsincludeiSCSIandFibreChannel.
iSCSITheInternetSmallComputerSystemInterface(iSCSI)isaprotocolforIP-basedstorage.iSCSIcanbeusedtosenddataoverexistingnetworkinfrastructures,enablingSANs.Positionedasalow-costalternativetoFibreChannelstorage,theonlyreallimitationisoneofnetworkbandwidth.
FibreChannelFibreChannel(FC)isahigh-speednetworktechnology(withthroughputupto16Gbps)usedtoconnectstoragetocomputersystems.TheFCprotocolisatransportprotocolsimilartotheTCPprotocolinIPnetworks.Carriedviaspecialcables,oneofthedrawbacksofFC-basedstorageiscost.
FCoETheFibreChanneloverEthernet(FCoE)protocolencapsulatestheFCframes,enablingFCcommunicationover10-GigabitEthernetnetworks.
Chapter9Review
ForMoreInformationNetworkingCompTIANetwork+CertificationAll-in-OneExamGuide,PremiumFifthEdition,McGraw-Hill,2014
TheInternetEngineeringTaskForcewww.ietf.org
Wikipediaarticles:Routinghttp://en.wikipedia.org/wiki/RoutingNAThttp://en.wikipedia.org/wiki/Network_address_translationICMPhttp://en.wikipedia.org/wiki/Internet_Control_Message_Protocol
Subnettinghttp://en.wikipedia.org/wiki/Subnetting
LabManualExercisesThefollowinglabexercisesfromthecompanionlabmanual,PrinciplesofComputerSecurityLabManual,FourthEdition,providepracticalapplicationofmaterialcoveredinthischapter:
ChapterSummaryAfterreadingthischapterandcompletingtheexercises,youshouldunderstandthefollowingaboutnetworks.
Identifythebasicnetworkarchitectures
Therearetwobroadcategoriesofnetworks:LANsandWANs.
Thephysicalarrangementofanetworkistypicallycalledthenetwork’stopology.
Therearefourmaintypesofnetworktopologies:ring,bus,star,andmixed.
Definethebasicnetworkprotocols
Protocols,agreed-uponformatsforexchangingortransmittingdatabetweensystems,enablecomputerstocommunicate.
Whendataistransmittedoveranetwork,itisusuallybrokenupintosmallerpiecescalledpackets.
Mostprotocolsdefinethetypesandformatforpacketsusedinthatprotocol.
TCPisconnectionoriented,requiresthethree-wayhandshaketoinitiateaconnection,andprovidesguaranteedandreliabledatadelivery.
UDPisconnectionless,lightweight,andprovideslimitederrorcheckingandnodeliveryguarantee.
EachnetworkdevicehasauniquehardwareaddressknownasaMACaddress.TheMACaddressisusedforpacketdelivery.
Networkdevicesarealsotypicallyassigneda32-bitnumberknownasanIPaddress.
TheDomainNameService(DNS)translatesnames,likewww.cnn.com,intoIPaddresses.
Explainroutingandaddresstranslation
Theprocessofmovingpacketsfromoneenddevicetoanotherthroughdifferentnetworksiscalledrouting.
Subnettingistheprocessofdividinganetworkaddressspaceintosmallernetworks.
DHCPallowsnetworkdevicestobeautomaticallyconfiguredonanetworkandtemporarilyassignedanIPaddress.
NetworkAddressTranslation(NAT)convertsprivate,internalIPaddressestopublic,routableIPaddressesandviceversa.
Classifysecurityzones
ADMZisabufferzonebetweennetworkswithdifferenttrustlevels.CompaniesoftenplacepublicresourcesinaDMZsothatInternetusersandinternalusersmayaccessthoseresourceswithoutexposingtheinternalcompanynetworktotheInternet.
Anintranetisaprivate,internalnetworkthatusescommonnetworktechnologies(suchasHTTP,FTP,andsoon)toshareinformationandprovideresourcestoorganizationalusers.
Anextranetisasemiprivatenetworkthatusescommonnetworktechnologies(suchasHTTP,FTP,andsoon)toshareinformationandprovideresourcestobusinesspartners.
Anenclaveisaspecializedsecurityzonewithcommonsecurityrequirements.
AVLAN(orvirtualLAN)isagroupofportsonaswitchthatisconfiguredtocreatealogicalnetworkofcomputerthatappearstobeconnectedtothesamenetworkeveniftheyarelocatedondifferentphysicalnetworksegments.SystemsonaVLANcancommunicatewitheachotherbutcannotcommunicatedirectlywithsystemsonotherVLANs.
TrunkingistheprocessofspanningasingleVLANacrossmultipleswitches.
Tunnelingisamethodofpackagingpacketssothattheycantraverseanetworkinasecure,confidentialmanner.
KeyTermsAddressResolutionProtocol(ARP)(234)bustopology(222)datagram(226)denial-of-service(DoS)(229)
DomainNameSystem(DNS)(235)DMZ(240)DynamicHostConfigurationProtocol(DHCP)(238)enclave(243)Ethernet(233)extranet(243)flatnetwork(243)InternetControlMessageProtocol(ICMP)(229)InternetProtocol(IP)(226)intranet(242)localareanetwork(LAN)(221)MediaAccessControl(MAC)address(233)NetworkAddressTranslation(NAT)(238)network(220)packet(225)protocol(223)ringtopology(222)routing(235)startopology(222)storageareanetwork(SAN)(221)subnetting(236)subnetmask(236)three-wayhandshake(228)topology(222)TransmissionControlProtocol(TCP)(228)trunking(245)tunneling(246)UserDatagramProtocol(UDP)(228)virtuallocalareanetwork(VLAN)(222)wideareanetwork(WAN)(221)
KeyTermsQuizUsetermsfromtheKeyTermslisttocompletethesentencesthatfollow.Don’tusethesametermmorethanonce.Notalltermswillbeused.
1.A(n)_______________isagroupoftwoormoredeviceslinkedtogethertosharedata.
2.ApacketinanIPnetworkissometimescalleda(n)_______________.
3.Movingpacketsfromsourcetodestinationacrossmultiplenetworksiscalled____________.
4.The_______________isthehardwareaddressusedtouniquelyidentifyeachdeviceonanetwork.
5.A(n)_______________tellsyouwhatportionofa32-bitIPaddressisbeingusedasthenetworkIDandwhatportionisbeingusedasthehostID.
6.Theshapeorarrangementofanetwork,suchasbus,star,ring,ormixed,isknownasthe_______________ofthenetwork.
7.Asmall,typicallylocalnetworkcoveringarelativelysmallareasuchasasinglefloorofanofficebuildingiscalleda(n)_______________.
8.A(n)_______________isanagreed-uponformatforexchanginginformationbetweensystems.
9.Thepacketexchangesequence(SYN,SYN/ACK,ACK)thatinitiatesaTCPconnectioniscalledthe_______________.
10._______________istheprotocolthatallowstheuseofprivate,internalIPaddressesforinternaltrafficandpublicIPaddressesforexternaltraffic.
Multiple-ChoiceQuiz1.WhatisLayer1oftheOSImodelcalled?
A.Thephysicallayer
B.Thenetworklayer
C.Theinitiallayer
D.Thepresentationlayer
2.TheUDPprotocol:A.Providesexcellenterror-checkingalgorithms
B.Isaconnectionlessprotocol
C.Guaranteesdeliveryofpackets
D.Requiresapermanentconnectionbetweensourceanddestination
3.TheprocessthatdynamicallyassignsanIPaddresstoanetworkdeviceiscalled:
A.NAT
B.DNS
C.DHCP
D.Routing
4.Whatisthethree-wayhandshakesequenceusedtoinitiateTCPconnections?
A.ACK,SYN/ACK,ACK
B.SYN,SYN/ACK,ACK
C.SYN,SYN,ACK/ACK
D.ACK,SYN/ACK,SYN
5.Whichofthefollowingisacontrolandinformationprotocolusedbynetworkdevicestodeterminesuchthingsasaremotenetwork’savailabilityandthelengthoftimerequiredtoreacharemotenetwork?
A.UDP
B.NAT
C.TCP
D.ICMP
6.WhatisthenameoftheprotocolthattranslatesnamesintoIPaddresses?
A.TCP
B.DNS
C.ICMP
D.DHCP
7.Dividinganetworkaddressspaceintosmaller,separatenetworksiscalledwhat?
A.Translating
B.Networkconfiguration
C.Subnetting
D.Addresstranslation
8.Whichprotocoltranslatesprivate(nonroutable)IPaddressesintopublic(routable)IPaddresses?
A.NAT
B.DHCP
C.DNS
D.ICMP
9.TheTCPprotocol:A.Isconnectionless
B.Providesnoerrorchecking
C.Allowsforpacketstobeprocessedintheordertheyweresent
D.Hasnooverhead
10.WhichofthefollowingwouldbeavalidMACaddress?A.00:07:e9
B.00:07:e9:7c:c8
C.00:07:e9:7c:c8:aa
D.00:07:e9:7c:c8:aa:ba
EssayQuiz1.Adeveloperinyourcompanyisbuildinganewapplicationandhas
askedyouifitshoulduseTCP-orUDP-basedcommunications.Provideherwithabriefdiscussionoftheadvantagesanddisadvantagesofeachprotocol.
2.YourbosswantstoknowifDHCPisappropriateforbothserverandPCenvironments.ProvideherwithyouropinionandbesuretoincludeadiscussionofhowDHCPworks.
3.Describethethreebasictypesofnetworktopologiesandprovideasamplediagramofeachtype.
4.Describethethree-wayhandshakeprocessusedtoinitiateTCP
connections.
5.Yourbosswantstoknowhowsubnettingworks.Provideherwithabriefdescriptionandbesuretoincludeanexampletoillustratehowsubnettingworks.
LabProjects
•LabProject9.1Aclientofyoursonlyhasfiveexternal,routableIPaddressesbuthasover50systemsthatitwantstobeabletoreachtheInternetforwebsurfing,e-mail,andsoon.Designanetworksolutionfortheclientthataddressestheirimmediateneedsbutwillstillletthemgrowinthefuture.
•LabProject9.2Yourbosswantsyoutolearnhowtousethearpandnslookupcommands.FindaWindowsmachineandopenacommand/DOSprompt.TypeinarpandpressENTERtoseetheoptionsforthearpcommand.UsethearpcommandtofindtheMACaddressofyoursystemandatleastfiveothersystemsonyournetwork.Whenyouarefinishedwitharp,typeinnslookupandpressENTER.Attheprompt,typeinthenameofyourfavoritewebsite,suchaswww.cnn.com.ThenslookupcommandwillreturntheIPaddressesthatmatchthatdomainname.FindtheIPaddressesofatleastfivedifferentwebsites.
chapter10 InfrastructureSecurity
Thehigheryourstructureistobe,thedeepermustbeitsfoundation.
—SAINTAUGUSTINE
I
Inthischapter,youwilllearnhowto
Constructnetworksusingdifferenttypesofnetworkdevices
Enhancesecurityusingsecuritydevices
EnhancesecurityusingNAC/NAPmethodologies
Identifythedifferenttypesofmediausedtocarrynetworksignals
Describethedifferenttypesofstoragemediausedtostoreinformation
Usebasicterminologyassociatedwithnetworkfunctionsrelatedtoinformationsecurity
Describethedifferenttypesandusesofcloudcomputing
nfrastructuresecuritybeginswiththedesignoftheinfrastructureitself.Theproperuseofcomponentsimprovesnotonlyperformancebutsecurityaswell.Networkcomponentsarenotisolatedfromthe
computingenvironmentandareanessentialaspectofatotalcomputingenvironment.Fromtherouters,switches,andcablesthatconnectthedevices,tothefirewallsandgatewaysthatmanagecommunication,fromthenetworkdesign,totheprotocolsthatareemployed—alltheseitemsplayessentialrolesinbothperformanceandsecurity.
DevicesAcompletenetworkcomputersolutionintoday’sbusinessenvironmentconsistsofmorethanjustclientcomputersandservers.Devicesareneededtoconnecttheclientsandserversandtoregulatethetrafficbetweenthem.Devicesarealsoneededtoexpandthisnetworkbeyondsimpleclientcomputersandserverstoincludeyetotherdevices,suchaswirelessandhandheldsystems.Devicescomeinmanyformsandwithmanyfunctions,fromhubsandswitches,torouters,wirelessaccesspoints,andspecial-purposedevicessuchasvirtualprivatenetwork(VPN)devices.Eachdevicehasaspecificnetworkfunctionandplaysaroleinmaintaining
networkinfrastructuresecurity.
CrossCheckTheImportanceofAvailabilityInChapter2,weexaminedtheCIAofsecurity:confidentiality,integrity,andavailability.Unfortunately,theavailabilitycomponentisoftenoverlooked,eventhoughavailabilityiswhathasmovedcomputingintothemodernnetworkedframeworkandplaysasignificantroleinsecurity.Securityfailurescanoccurintwoways.First,afailurecanallowunauthorizedusersaccessto
resourcesanddatatheyarenotauthorizedtouse,compromisinginformationsecurity.Second,afailurecanpreventauserfromaccessingresourcesanddatatheuserisauthorizedtouse.Thissecondfailureisoftenoverlooked,butitcanbeasseriousasthefirst.Theprimarygoalofnetworkinfrastructuresecurityistoallowallauthorizeduseanddenyallunauthorizeduseofresources.
WorkstationsMostusersarefamiliarwiththeclientcomputersusedintheclient/servermodelcalledworkstationdevices.Theworkstationisthemachinethatsitsonthedesktopandisusedeverydayforsendingandreadinge-mail,creatingspreadsheets,writingreportsinawordprocessingprogram,andplayinggames.Ifaworkstationisconnectedtoanetwork,itisanimportantpartofthesecuritysolutionforthenetwork.Manythreatstoinformationsecuritycanstartataworkstation,butmuchcanbedoneinafewsimplestepstoprovideprotectionfrommanyofthesethreats.
CrossCheckWorkstationsandServersServersandworkstationsarekeynodesonnetworks.ThespecificsforsecuringthesedevicesarescoveredinChapter14.
ServersServersarethecomputersinanetworkthathostapplicationsanddataforeveryonetoshare.Serverscomeinmanysizes,fromsmallsingle-CPUboxesthatmaybelesspowerfulthanaworkstation,tomultiple-CPUmonsters,uptoandincludingmainframes.TheoperatingsystemsusedbyserversrangefromWindowsServer,toUNIX,toMultipleVirtualStorage(MVS)andothermainframeoperatingsystems.TheOSonaservertendstobemorerobustthantheOSonaworkstationsystemandisdesignedtoservicemultipleusersoveranetworkatthesametime.Serverscanhostavarietyofapplications,includingwebservers,databases,e-mailservers,fileservers,printservers,andapplicationserversformiddlewareapplications.
VirtualizationVirtualizationtechnologyisusedtoallowacomputertohavemorethanoneOSpresentand,inmanycases,operatingatthesametime.VirtualizationisanabstractionoftheOSlayer,creatingtheabilitytohostmultipleOSsonasinglepieceofhardware.Oneofthemajoradvantagesofvirtualizationistheseparationofthesoftwareandthehardware,creatingabarrierthatcanimprovemanysystemfunctions,includingsecurity.Theunderlyinghardwareisreferredtoasthehostmachine,andonitisahostOS.EitherthehostOShasbuilt-inhypervisorcapabilityoranapplicationisneededtoprovidethehypervisorfunctiontomanagethevirtualmachines(VMs).ThevirtualmachinesaretypicallyreferredtoastheguestOSs.
ExamTip:Ahypervisoristheinterfacebetweenavirtualmachineandthehostmachinehardware.Hypervisorsarethelayerthatenablesvirtualization.
NewerOSsaredesignedtonativelyincorporatevirtualizationhooks,enablingvirtualmachinestobeemployedwithgreaterease.Thereareseveralcommonvirtualizationsolutions,includingMicrosoftHyper-V,VMware,OracleVMVirtualBox,Parallels,andCitrixXen.ItisimportanttodistinguishbetweenvirtualizationandbootloadersthatallowdifferentOSstobootonhardware.Apple’sBootCampallowsyoutobootintoMicrosoftWindowsonApplehardware.ThisisdifferentfromParallels,aproductwithcompletevirtualizationcapabilityforApplehardware.Virtualizationoffersmuchintermsofhost-basedmanagementofa
system.Fromsnapshotsthatalloweasyrollbacktopreviousstates,fastersystemdeploymentviapreconfiguredimages,easeofbackup,andtheabilitytotestsystems,virtualizationoffersmanyadvantagestosystemowners.Theseparationoftheoperationalsoftwarelayerfromthehardwarelayercanoffermanyimprovementsinthemanagementofsystems.
SnapshotsAsnapshotisapoint-in-timesavingofthestateofavirtualmachine.Snapshotshavegreatutilitybecausetheyarelikeasavepointforanentiresystem.Snapshotscanbeusedtorollasystembacktoapreviouspointintime,undooperations,orprovideaquickmeansofrecoveryfromacomplex,system-alteringchangethathasgoneawry.Snapshotsactasaformofbackupandaretypicallymuchfasterthannormalsystembackupandrecoveryoperations.
PatchCompatibilityHavinganOSoperateinavirtualenvironmentdoesnotchangetheneedforsecurityassociatedwiththeOS.Patchesarestillneededandshouldbeapplied,independentofthevirtualizationstatus.Becauseofthenatureofavirtualenvironment,itshouldhavenoeffectontheutilityofpatching,asthepatchisfortheguestOS.
HostAvailability/ElasticityWhenyousetupavirtualizationenvironment,protectingthehostOSandhypervisorleveliscriticalforsystemstability.Thebestpracticeistoavoidtheinstallationofanyapplicationsonthehost-levelmachine.Allappsshouldbehousedandruninavirtualenvironment.ThisaidsinthestabilitybyprovidingseparationbetweentheapplicationandthehostOS.Thetermelasticityreferstotheabilityofasystemtoexpand/contractassystemrequirementsdictate.Oneoftheadvantagesofvirtualizationisthatavirtualmachinecanbemovedtolargerorsmallerenvironmentsbasedonneeds.IfaVMneedsmoreprocessingpower,thenmigratingtheVMtoanewhardwaresystemwithgreaterCPUcapacityallowsthesystemtoexpandwithouthavingtorebuildit.
SecurityControlTestingWhenapplyingsecuritycontrolstoasystemtomanagesecurityoperations,itisimportanttotestthecontrolstoensurethattheyareprovidingthedesiredresults.PuttingasystemintoaVMdoesnotchangethisrequirement.Infact,itmaycomplicateitbecauseofthenatureoftheguestOStohypervisorrelationship.Itisessentialtospecificallytestallsecuritycontrolsinsidethevirtualenvironmenttoensuretheirbehaviorisstilleffective.
SandboxingSandboxingreferstothequarantineorisolationofasystemfromitssurroundings.Virtualizationcanbeusedasaformofsandboxingwithrespecttoanentiresystem.YoucanbuildaVM,testsomethinginsidetheVM,and,basedontheresults,makeadecisionwithregardtostabilityorwhateverconcernwaspresent.
MobileDevicesMobiledevicessuchaslaptops,tablets,andmobilephonesarethelatest
devicestojointhecorporatenetwork.Mobiledevicescancreateamajorsecuritygap,asausermayaccessseparatee-mailaccounts,onepersonal,withoutantivirusprotection,andtheothercorporate.MobiledevicesarecoveredindetailinChapter12.
DeviceSecurity,CommonConcernsAsmoreandmoreinteractivedevices(thatis,devicesyoucaninteractwithprogrammatically)arebeingdesigned,anewthreatsourcehasappeared.Inanattempttobuildsecurityintodevices,typically,adefaultaccountandpasswordmustbeenteredtoenabletheusertoaccessandconfigurethedeviceremotely.Thesedefaultaccountsandpasswordsarewellknowninthehackercommunity,sooneofthefirststepsyoumusttaketosecuresuchdevicesistochangethedefaultcredentials.Anyonewhohaspurchasedahomeofficerouterknowsthedefaultconfigurationsettingsandcanchecktoseeifanotheruserhaschangedtheirs.Iftheyhavenot,thisisahugesecurityhole,allowingoutsidersto“reconfigure”theirnetworkdevices.
TechTip
DefaultAccountsAlwaysreconfigurealldefaultaccountsonalldevicesbeforeexposingthemtoexternaltraffic.Thisistopreventothersfromreconfiguringyourdevicesbasedonknownaccesssettings.
NetworkAttachedStorageBecauseofthespeedoftoday’sEthernetnetworks,itispossibletomanagedatastorageacrossthenetwork.ThishasledtoatypeofstorageknownasNetworkAttachedStorage(NAS).Thecombinationofinexpensiveharddrives,fastnetworks,andsimpleapplication-based
servershasmadeNASdevicesintheterabyterangeaffordableforevenhomeusers.Becauseofthelargesizeofvideofiles,thishasbecomepopularforsomeusersasamethodofstoringTVandvideolibraries.BecauseNASisanetworkdevice,itissusceptibletovariousattacks,includingsniffingofcredentialsandavarietyofbrute-forceattackstoobtainaccesstothedata.
RemovableStorageBecauseremovabledevicescanmovedataoutsideofthecorporate-controlledenvironment,theirsecurityneedsmustbeaddressed.Removabledevicescanbringunprotectedorcorrupteddataintothecorporateenvironment.Allremovabledevicesshouldbescannedbyantivirussoftwareuponconnectiontothecorporateenvironment.Corporatepoliciesshouldaddressthecopyingofdatatoremovabledevices.ManymobiledevicescanbeconnectedviaUSBtoasystemandusedtostoredata—andinsomecasesvastquantitiesofdata.Thiscapabilitycanbeusedtoavoidsomeimplementationsofdatalosspreventionmechanisms.
NetworkingNetworksareusedtoconnectdevicestogether.Networksarecomposedofcomponentsthatperformnetworkingfunctionstomovedatabetweendevices.Networksbeginwithnetworkinterfacecards,thencontinueinlayersofswitchesandrouters.Specializednetworkingdevicesareusedforspecificpurposes,suchassecurityandtrafficmanagement.
NetworkInterfaceCardsToconnectaserverorworkstationtoanetwork,adeviceknownasanetworkinterfacecard(NIC)isused.ANICisacardwithaconnectorportforaparticulartypeofnetworkconnection,eitherEthernetorToken
Ring.ThemostcommonnetworktypeinuseforLANsistheEthernetprotocol,andthemostcommonconnectoristheRJ-45connector.ANICisthephysicalconnectionbetweenacomputerandthenetwork.
ThepurposeofaNICistoprovidelower-levelprotocolfunctionalityfromtheOSI(OpenSystemInterconnection)model.BecausetheNICdefinesthetypeofphysicallayerconnection,differentNICsareusedfordifferentphysicalprotocols.NICscomeassingle-portandmultiport,andmostworkstationsuseonlyasingle-portNIC,asonlyasinglenetworkconnectionisneeded.Figure10.1showsacommonformofaNIC.Forservers,multiportNICsareusedtoincreasethenumberofnetworkconnections,increasingthedatathroughputtoandfromthenetwork.
•Figure10.1Linksysnetworkinterfacecard(NIC)
EachNICportisserializedwithauniquecode,48bitslong,referredtoasaMediaAccessControladdress(MACaddress).Thesearecreatedbythemanufacturer,with24bitsrepresentingthemanufacturerand24bitsbeingaserialnumber,guaranteeinguniqueness.MACaddressesareusedintheaddressinganddeliveryofnetworkpacketstothecorrectmachineandinavarietyofsecuritysituations.Unfortunately,theseaddressescanbechanged,or“spoofed,”rathereasily.Infact,itiscommonforpersonalrouterstocloneaMACaddresstoallowuserstousemultipledevicesoveranetworkconnectionthatexpectsasingleMAC.
HubsAhubisnetworkingequipmentthatconnectsdevicesthatareusingthesameprotocolatthephysicallayeroftheOSImodel.Ahuballowsmultiplemachinesinanareatobeconnectedtogetherinastarconfiguration,withthehubasthecenter.ThisconfigurationcansavesignificantamountsofcableandisanefficientmethodofconfiguringanEthernetbackbone.Allconnectionsonahubshareasinglecollisiondomain,asmallclusterinanetworkwherecollisionsoccur.Asnetworktrafficincreases,itcanbecomelimitedbycollisions.Thecollisionissuehasmadehubsobsoleteinnewer,higherperformancenetworks,withinexpensiveswitchesandswitchedEthernetkeepingcostslowandusablebandwidthhigh.Hubsalsocreateasecurityweaknessinthatallconnecteddevicesseealltraffic,enablingsniffingandeavesdroppingtooccur.Intoday’snetworks,hubshaveallbutdisappeared,beingreplacedbylow-costswitches.
TechTip
Device/OSILevelInteraction
DifferentnetworkdevicesoperateusingdifferentlevelsoftheOSInetworkingmodeltomovepacketsfromdevicetodevice:
BridgesBridgesarenetworkingequipmentthatconnectdevicesusingthesameprotocolatthedatalinklayeroftheOSImodel.Abridgeoperatesatthedatalinklayer,filteringtrafficbasedonMACaddresses.Bridgescanreducecollisionsbyseparatingpiecesofanetworkintotwoseparatecollisiondomains,butthisonlycutsthecollisionprobleminhalf.Althoughbridgesareuseful,abettersolutionistouseswitchesfornetworkconnections.
SwitchesAswitchformsthebasisforconnectionsinmostEthernet-basedLANs.Althoughhubsandbridgesstillexist,intoday’shigh-performancenetworkenvironment,switcheshavereplacedboth.Aswitchhasseparatecollision
domainsforeachport.Thismeansthatforeachport,twocollisiondomainsexist:onefromtheporttotheclientonthedownstreamside,andonefromtheswitchtothenetworkupstream.Whenfullduplexisemployed,collisionsarevirtuallyeliminatedfromthetwonodes,hostandclient.Thisalsoactsasahub-basedsystem,whereasinglesniffercanseeallofthetraffictoandfromconnecteddevices.Switchesoperateatthedatalinklayer,whileroutersactatthenetwork
layer.Forintranets,switcheshavebecomewhatroutersareontheInternet—thedeviceofchoiceforconnectingmachines.Asswitcheshavebecometheprimarynetworkconnectivitydevice,additionalfunctionalityhasbeenaddedtothem.AswitchisusuallyaLayer2device,butLayer3switchesincorporateroutingfunctionality.Hubshavebeenreplacedbyswitchesbecauseswitchesperforma
numberoffeaturesthathubscannotperform.Forexample,theswitchimprovesnetworkperformancebyfilteringtraffic.Itfilterstrafficbyonlysendingthedatatotheportontheswitchthatthedestinationsystemresideson.Theswitchknowswhatporteachsystemisconnectedtoandsendsthedataonlytothatport.Theswitchalsoprovidessecurityfeatures,suchastheoptiontodisableaportsothatitcannotbeusedwithoutauthorization.Theswitchalsosupportsafeaturecalledportsecurity,whichallowstheadministratortocontrolwhichsystemscansenddatatoeachoftheports.TheswitchusestheMACaddressofthesystemstoincorporatetrafficfilteringandportsecurityfeatures,whichiswhyitisconsideredaLayer2device.
ExamTip:MACfilteringcanbeemployedonswitches,permittingonlyspecifiedMACstoconnecttotheswitch.ThiscanbebypassedifanattackercanlearnanallowedMAC,astheycanclonethepermittedMAContotheirownNICcardandspooftheswitch.Tofilteredgeconnections,IEEE802.1XismoresecureandiscoveredinChapter11.ThiscanalsobereferredtoasMAClimiting.Becarefultopayattentiontocontextontheexam,however,becauseMAClimitingalsocanrefertopreventingfloodingattacksonswitchesbylimitingthenumberofMACaddressesthatcanbe“learned”byaswitch.
PortaddresssecuritybasedonMACaddressescandeterminewhetherapacketisallowedorblockedfromaconnection.Thisistheveryfunctionthatafirewallusesforitsdetermination,andthissamefunctionalityiswhatallowsan802.1Xdevicetoactasan“edgedevice.”
ExamTip:Networktrafficsegregationbyswitchescanalsoactasasecuritymechanism,preventingaccesstosomedevicesfromotherdevices.Thiscanpreventsomeonefromaccessingcriticaldataserversfromamachineinapublicarea.
Oneofthesecurityconcernswithswitchesisthat,likerouters,theyareintelligentnetworkdevicesandarethereforesubjecttohijackingbyhackers.Shouldahackerbreakintoaswitchandchangeitsparameters,hemightbeabletoeavesdroponspecificorallcommunications,virtuallyundetected.SwitchesarecommonlyadministeredusingtheSimpleNetworkManagementProtocol(SNMP)andTelnetprotocol,bothofwhichhaveaseriousweaknessinthattheysendpasswordsacrossthenetworkincleartext.Ahackerarmedwithasnifferthatobservesmaintenanceonaswitchcancapturetheadministrativepassword.Thisallowsthehackertocomebacktotheswitchlaterandconfigureitasanadministrator.Anadditionalproblemisthatswitchesareshippedwithdefaultpasswords,andifthesearenotchangedwhentheswitchissetup,theyofferanunlockeddoortoahacker.
Tosecureaswitch,youshoulddisableallaccessprotocolsotherthanasecureseriallineorasecureprotocolsuchasSecureShell(SSH).Usingonlysecuremethodstoaccessaswitchwilllimittheexposuretohackersandmalicioususers.Maintainingsecurenetworkswitchesisevenmoreimportantthansecuringindividualboxes,forthespanofcontroltointerceptdataismuchwideronaswitch,especiallyifit’sreprogrammedbyahacker.
Switchesarealsosubjecttoelectronicattacks,suchasARPpoisoning
andMACflooding.ARPpoisoningiswhereadevicespoofstheMACaddressofanotherdevice,attemptingtochangetheARPtablesthroughspoofedtrafficandtheARPtable-updatemechanism.MACfloodingiswhereaswitchisbombardedwithpacketsfromdifferentMACaddresses,floodingtheswitchtableandforcingthedevicetorespondbyopeningallportsandactingasahub.Thisenablesdevicesonothersegmentstosnifftraffic.
LoopProtectionSwitchesoperateatLayer2,atwhichthereisnocountdownmechanismtokillpacketsthatgetcaughtinloopsoronpathsthatwillneverresolve.TheLayer2spaceactsasamesh,wherepotentiallytheadditionofanewdevicecancreateloopsintheexistingdeviceinterconnections.Topreventloops,atechnologycalledspanningtreesisemployedbyvirtuallyallswitches.TheSpanningTreeProtocol(STP)allowsformultiple,redundantpaths,whilebreakingloopstoensureaproperbroadcastpattern.LoopprotectioniscoveredindetailinChapter9.
RoutersArouterisanetworktrafficmanagementdeviceusedtoconnectdifferentnetworksegmentstogether.Routersoperateatthenetworklayer(Layer3)oftheOSImodel,usingthenetworkaddress(typicallyanIPaddress)toroutetrafficandusingroutingprotocolstodetermineoptimalroutingpathsacrossanetwork.RoutersformthebackboneoftheInternet,movingtrafficfromnetworktonetwork,inspectingpacketsfromeverycommunicationastheymovetrafficinoptimalpaths.Routersoperatebyexaminingeachpacket,lookingatthedestination
address,andusingalgorithmsandtablestodeterminewheretosendthepacketnext.Thisprocessofexaminingtheheadertodeterminethenexthopcanbedoneinquickfashion.
ACLscanrequiresignificantefforttoestablishandmaintain.Creatingthemisastraightforwardtask,buttheirjudicioususewillyieldsecuritybenefitswithalimitedamountofmaintenance.CiscoroutershavestandardandextendedACLs;standardACLscanfiltertrafficbasedonlyonthesourceIPaddress,whereasextendedACLscanfiltertrafficbysource/destinationIPaddress,protocol,andport.ThiscanbeveryimportantinsecurityzonessuchasaDMZandatedgedevices,blockingundesiredoutsidecontactwhileallowingknowninsidetraffic.
Routersuseaccesscontrollists(ACLs)asamethodofdecidingwhetherapacketisallowedtoenterthenetwork.WithACLs,itisalsopossibletoexaminethesourceaddressanddeterminewhetherornottoallowapackettopass.ThisallowsroutersequippedwithACLstodroppacketsaccordingtorulesbuiltintotheACLs.Thiscanbeacumbersomeprocesstosetupandmaintain,andastheACLgrowsinsize,routingefficiencycanbedecreased.Itisalsopossibletoconfiguresomerouterstoactasquasi–applicationgateways,performingstatefulpacketinspectionandusingcontentsaswellasIPaddressestodeterminewhetherornottopermitapackettopass.Thiscantremendouslyincreasethetimeforaroutertopasstrafficandcansignificantlydecreaserouterthroughput.ConfiguringACLsandotheraspectsofsettinguproutersforthistypeofusearebeyondthescopeofthisbook.Oneserioussecurityconcernregardingrouteroperationislimitingwho
hasaccesstotherouterandcontrolofitsinternalfunctions.Likeaswitch,aroutercanbeaccessedusingSNMPandTelnetandprogrammedremotely.Becauseofthegeographicseparationofrouters,thiscanbecomeanecessity,formanyroutersintheworldoftheInternetcanbehundredsofmilesapart,inseparatelockedstructures.Physicalcontroloverarouterisabsolutelynecessary,forifanydevice,beitaserver,switch,orrouter,isphysicallyaccessedbyahacker,itshouldbeconsideredcompromised.Thus,suchaccessmustbeprevented.Aswithswitches,itisimportanttoensurethattheadministratorpasswordisneverpassedintheclear,thatonlysecuremechanismsareusedtoaccesstherouter,andthatallofthedefaultpasswordsareresettostrongpasswords.
Aswithswitches,themostassuredpointofaccessforroutermanagementcontrolisviatheserialcontrolinterfaceport.Thisallowsaccesstothecontrolaspectsoftherouterwithouthavingtodealwithtraffic-relatedissues.Forinternalcompanynetworks,wherethegeographicdispersionofroutersmaybelimited,third-partysolutionstoallowout-of-bandremotemanagementexist.Thisallowscompletecontrolovertherouterinasecurefashion,evenfromaremotelocation,althoughadditionalhardwareisrequired.Routersareavailablefromnumerousvendorsandcomeinsizesbigand
small.Atypicalsmallhomeofficerouterforusewithcablemodem/DSLserviceisshowninFigure10.2.Largerrouterscanhandletrafficofuptotensofgigabytespersecondperchannel,usingfiber-opticinputsandmovingtensofthousandsofconcurrentInternetconnectionsacrossthenetwork.Theserouters,whichcancosthundredsofthousandsofdollars,formanessentialpartofe-commerceinfrastructure,enablinglargeenterprisessuchasAmazonandeBaytoservemanycustomers’useconcurrently.
•Figure10.2Asmallhomeofficerouterforcablemodem/DSL
FirewallsAfirewallisanetworkdevice—hardware,software,oracombinationthereof—whosepurposeistoenforceasecuritypolicyacrossitsconnectionsbyallowingordenyingtraffictopassintooroutofthenetwork.Afirewallisalotlikeagateguardatasecurefacility.Theguardexaminesallthetraffictryingtoenterthefacility—carswiththecorrectstickerordeliverytruckswiththeappropriatepaperworkareallowedin;everyoneelseisturnedaway(seeFigure10.3).
•Figure10.3Howafirewallworks
ExamTip:Afirewallisanetworkdevice(hardware,software,orcombinationofthetwo)thatenforcesasecuritypolicy.Allnetworktrafficpassingthroughthefirewallisexamined—trafficthatdoesnotmeetthespecifiedsecuritycriteriaorviolatesthefirewallpolicyisblocked.
Theheartofafirewallisthesetofsecuritypoliciesthatitenforces.Managementdetermineswhatisallowedintheformofnetworktrafficbetweendevices,andthesepoliciesareusedtobuildrulesetsforthefirewalldevicesusedtofilternetworktrafficacrossthenetwork.
TechTip
FirewallRulesFirewallsareinrealitypolicyenforcementdevices.Eachruleinafirewallshouldhaveapolicybehindit,asthisistheonlymannerofmanagingfirewallrulesetsovertime.Thestepsforsuccessfulfirewallmanagementbeginandendwithmaintainingapolicylistbyfirewallofthetrafficrestrictionstobeimposed.Managingthislistviaaconfigurationmanagementprocessisimportanttopreventnetworkinstabilitiesfromfaultyrulesetsorunknown“left-over”rules.
Orphanorleft-overrulesarerulesthatwerecreatedforaspecialpurpose(testing,emergency,visitororvendor,etc.)andthenforgottenaboutandnotremovedaftertheiruseended.Theserulescanclutterupafirewallandresultinunintendedchallengestothenetworksecurityteam.
Firewallsecuritypoliciesareaseriesofrulesthatdefineswhattrafficispermissibleandwhattrafficistobeblockedordenied.Thesearenotuniversalrules,andtherearemanydifferentsetsofrulesforasinglecompanywithmultipleconnections.AwebserverconnectedtotheInternetmaybeconfiguredonlytoallowtrafficonport80forHTTP,and
haveallotherportsblocked.Ane-mailservermayhaveonlynecessaryportsfore-mailopen,withothersblocked.Akeytosecuritypoliciesforfirewallsisthesameashasbeenseenforothersecuritypolicies—theprincipleofleastaccess.Onlyallowthenecessaryaccessforafunction;blockordenyallunneededfunctionality.Howanorganizationdeploysitsfirewallsdetermineswhatisneededforsecuritypoliciesforeachfirewall.Youmayevenhaveasmalloffice–homeofficefirewallatyourhouse,suchastheRVS4000showninFigure10.4.ThisdevicefromLinksysprovidesbothroutingandfirewallfunctions.
•Figure10.4LinksysRVS4000SOHOfirewall
Thesecuritytopologydetermineswhatnetworkdevicesareemployedatwhatpointsinanetwork.Ataminimum,thecorporateconnectiontotheInternetshouldpassthroughafirewall,asshowninFigure10.5.Thisfirewallshouldblockallnetworktrafficexceptthatspecificallyauthorizedbythesecuritypolicy.Thisisactuallyeasytodo:blockingcommunicationsonaportissimplyamatteroftellingthefirewalltoclosetheport.Theissuecomesindecidingwhatservicesareneededandby
whom,andthuswhichportsshouldbeopenandwhichshouldbeclosed.Thisiswhatmakesasecuritypolicyusefulbut,insomecases,difficulttomaintain.
•Figure10.5LogicaldepictionofafirewallprotectinganorganizationfromtheInternet
Theperfectfirewallpolicyisonethattheenduserneverseesandonethatneverallowsevenasingleunauthorizedpackettoenterthenetwork.Aswithanyotherperfectitem,itwillberaretofindtheperfectsecuritypolicyforafirewall.Todevelopacompleteandcomprehensivesecuritypolicy,itisfirst
necessarytohaveacompleteandcomprehensiveunderstandingofyournetworkresourcesandtheiruses.Onceyouknowwhatyournetworkwillbeusedfor,youwillhaveanideaofwhattopermit.Also,onceyouunderstandwhatyouneedtoprotect,youwillhaveanideaofwhattoblock.Firewallsaredesignedtoblockattacksbeforetheygettoatargetmachine.Commontargetsarewebservers,e-mailservers,DNSservers,FTPservices,anddatabases.Eachofthesehasseparatefunctionality,andeachofthesehasseparatevulnerabilities.Onceyouhavedecidedwhoshouldreceivewhattypeoftrafficandwhattypesshouldbeblocked,youcanadministerthisthroughthefirewall.
Routershelpcontroltheflowoftrafficintoandoutofyournetwork.ThroughtheuseofACLs,routerscanactasfirst-levelfirewallsandcanhelpweedoutmalicioustraffic.
HowDoFirewallsWork?Firewallsenforcetheestablishedsecuritypolicies.Theycandothisthroughavarietyofmechanisms,including:
NetworkAddressTranslation(NAT)AsyoumayrememberfromChapter9,NATtranslatesprivate(nonroutable)IPaddressesintopublic(routable)IPaddresses.
BasicpacketfilteringBasicpacketfilteringlooksateachpacketenteringorleavingthenetworkandtheneitheracceptsthepacketorrejectsthepacketbasedonuser-definedrules.Eachpacketisexaminedseparately.
StatefulpacketfilteringStatefulpacketfilteringalsolooksateachpacket,butitcanexaminethepacketinitsrelationtootherpackets.Statefulfirewallskeeptrackofnetworkconnectionsandcanapplyslightlydifferentrulesetsbasedonwhetherthepacketispartofanestablishedsessionornot.
NATistheprocessofmodifyingnetworkaddressinformationindatagrampacketheaderswhileintransitacrossatrafficroutingdevice,suchasarouterorfirewall,forthepurposeofremappingagivenaddressspaceintoanother.SeeChapter9foramoredetaileddiscussiononNAT.
Accesscontrollists(ACLs)ACLsaresimplerulesetsthatareappliedtoportnumbersandIPaddresses.Theycanbeconfiguredforinboundandoutboundtrafficandaremostcommonlyusedonroutersandswitches.
ApplicationlayerproxiesAnapplicationlayerproxycanexaminethecontentofthetrafficaswellastheportsandIPaddresses.Forexample,anapplicationlayerhastheabilitytolookinsideauser’swebtraffic,detectamaliciouswebsiteattemptingtodownloadmalwaretotheuser’ssystem,andblockthemalware.
OneofthemostbasicsecurityfunctionsprovidedbyafirewallisNAT.Thisserviceallowsyoutomasksignificantamountsofinformationfromoutsideofthenetwork.Thisallowsanoutsideentitytocommunicatewithanentityinsidethefirewallwithouttrulyknowingitsaddress.Basicpacketfiltering,alsoknownasstatelesspacketinspection,
involveslookingatpackets,theirprotocolsanddestinations,andcheckingthatinformationagainstthesecuritypolicy.TelnetandFTPconnectionsmaybeprohibitedfrombeingestablishedtoamailordatabaseserver,buttheymaybeallowedfortherespectiveserviceservers.Thisisafairlysimplemethodoffilteringbasedoninformationineachpacketheader,likeIPaddressesandTCP/UDPports.Thiswillnotdetectandcatchallundesiredpackets,butitisfastandefficient.Tolookatallpackets,determiningtheneedforeachanditsdata,
requiresstatefulpacketfiltering.Advancedfirewallsemploystatefulpacketfilteringtopreventseveraltypesofundesiredcommunications.Shouldapacketcomefromoutsidethenetwork,inanattempttopretendthatitisaresponsetoamessagefrominsidethenetwork,thefirewallwill
havenorecordofitbeingrequestedandcandiscardit,blockingaccess.Asmanycommunicationswillbetransferredtohighports(above1023),statefulmonitoringwillenablethesystemtodeterminewhichsetsofhigh-portcommunicationsarepermissibleandwhichshouldbeblocked.Thedisadvantagetostatefulmonitoringisthatittakessignificantresourcesandprocessingtodothistypeofmonitoring,andthisreducesefficiencyandrequiresmorerobustandexpensivehardware.However,thistypeofmonitoringisessentialintoday’scomprehensivenetworks,particularlygiventhevarietyofremotelyaccessibleservices.
TechTip
FirewallsandAccessControlListsManyfirewallsreadfirewallandACLrulesfromtoptobottomandapplytherulesinsequentialordertothepacketstheyareinspecting.Typicallytheywillstopprocessingruleswhentheyfindarulethatmatchesthepackettheyareexamining.Ifthefirstlineinyourrulesetreads“allowalltraffic,”thenthefirewallwillpassanynetworktrafficcomingintoorleavingthefirewall—ignoringtherestofyourrulesbelowthatline.Manyfirewallshaveanimplied“denyall”lineaspartoftheirrulesets.Thismeansthatanytrafficthatisnotspecificallyallowedbyarulewillgetblockedbydefault.
Astheyareinrouters,switches,servers,andothernetworkdevices,ACLsareacornerstoneofsecurityinfirewalls.Justasyoumustprotectthedevicefromphysicalaccess,ACLsdothesametaskforelectronicaccess.FirewallscanextendtheconceptofACLsbyenforcingthematapacketlevelwhenpacket-levelstatefulfilteringisperformed.Thiscanaddanextralayerofprotection,makingitmoredifficultforanoutsidehackertobreachafirewall.
ExamTip:Manyfirewallscontain,bydefault,animplicitdenyattheendofeveryACLorfirewallruleset.Thissimplymeansthatanytrafficnotspecificallypermittedbyapreviousrule
intherulesetisdenied.
Somehigh-securityfirewallsalsoemployapplicationlayerproxies.Asthenameimplies,packetsarenotallowedtotraversethefirewall,butdatainsteadflowsuptoanapplicationthatinturndecideswhattodowithit.Forexample,anSMTPproxymayacceptinboundmailfromtheInternetandforwardittotheinternalcorporatemailserver,asdepictedinFigure10.6.Whileproxiesprovideahighlevelofsecuritybymakingitverydifficultforanattackertomanipulatetheactualpacketsarrivingatthedestination,andwhiletheyprovidetheopportunityforanapplicationtointerpretthedatapriortoforwardingittothedestination,theygenerallyarenotcapableofthesamethroughputasstatefulpacket-inspectionfirewalls.Thetrade-offbetweenperformanceandspeedisacommononeandmustbeevaluatedwithrespecttosecurityneedsandperformancerequirements.
•Figure10.6FirewallwithSMTPapplicationlayerproxy
TechTip
FirewallOperationsApplicationlayerfirewallssuchasproxyserverscananalyzeinformationintheheaderanddataportionofthepacket,whereaspacket-filteringfirewallscananalyzeonlytheheaderofa
packet.
Firewallscanalsoactasnetworktrafficregulatorsinthattheycanbeconfiguredtomitigatespecifictypesofnetwork-basedattacks.Indenial-of-serviceanddistributeddenial-of-serviceattacks,anattackercanattempttofloodanetworkwithtraffic.Firewallscanbetunedtodetectthesetypesofattacksandactasfloodguards,mitigatingtheeffectonthenetwork.
ExamTip:Firewallscanactasfloodguards,detectingandmitigatingspecifictypesofDoS/DDoSattacks.
Next-GenerationFirewallsFirewallsoperatebyinspectingpacketsandbyusingrulesassociatedwithIPaddressesandports.Next-generationfirewallshavesignificantlymorecapabilityandarecharacterizedbythesefeatures:
Deeppacketinspection
Movebeyondport/protocolinspectionandblocking
Addapplication-levelinspection
Addintrusionprevention
Bringintelligencefromoutsidethefirewall
Next-generationfirewallsaremorethanjustafirewallandIDScoupledtogether;theyofferadeeperlookatwhatthenetworktrafficrepresents.Inalegacyfirewall,withport80open,allwebtrafficisallowedtopass.Usinganext-generationfirewall,trafficoverport80canbeseparatedbywebsite,orevenactivityonawebsite(forexample,allowFacebook,butnotgamesonFacebook).Becauseofthedeeperpacketinspectionandthe
abilitytocreaterulesbasedoncontent,trafficcanbemanagedbasedoncontent,notmerelysiteorURL.
WebApplicationFirewallsvs.NetworkFirewallsIncreasingly,theterm“firewall”isgettingattachedtoanydeviceorsoftwarepackagethatisusedtocontroltheflowofpacketsordataintooroutofanorganization.Forexample,awebapplicationfirewallisthetermgiventoanysoftwarepackage,appliance,orfilterthatappliesarulesettoHTTP/HTTPStraffic.WebapplicationfirewallsshapewebtrafficandcanbeusedtofilteroutSQLinjectionattacks,malware,cross-sitescripting(XSS),andsoon.Bycontrast,anetworkfirewallisahardwareorsoftwarepackagethatcontrolstheflowofpacketsintoandoutofanetwork.Webapplicationfirewallsoperateontrafficatamuchhigherlevelthannetworkfirewalls,aswebapplicationfirewallsmustbeabletodecodethewebtraffictodeterminewhetherornotitismalicious.Networkfirewallsoperateonmuchsimpleraspectsofnetworktrafficsuchassource/destinationportandsource/destinationaddress.
ConcentratorsNetworkdevicescalledconcentratorsactastrafficmanagementdevices,managingflowsfrommultiplepointsintosinglestreams.Concentratorstypicallyactasendpointsforaparticularprotocol,suchasSSL/TLSorVPN.Theuseofspecializedhardwarecanenablehardware-basedencryptionandprovideahigherlevelofspecificservicethanageneral-purposeserver.Thisprovidesbotharchitecturalandfunctionalefficiencies.
WirelessDevicesWirelessdevicesbringadditionalsecurityconcerns.Thereis,bydefinition,nophysicalconnectiontoawirelessdevice;radiowavesor
infraredcarrydata,whichallowsanyonewithinrangeaccesstothedata.Thismeansthatunlessyoutakespecificprecautions,youhavenocontroloverwhocanseeyourdata.Placingawirelessdevicebehindafirewalldoesnotdoanygood,becausethefirewallstopsonlyphysicallyconnectedtrafficfromreachingthedevice.Outsidetrafficcancomeliterallyfromtheparkinglotdirectlytothewirelessdeviceandintothenetwork.Thepointofentryfromawirelessdevicetoawirednetworkis
performedatadevicecalledawirelessaccesspoint.Wirelessaccesspointscansupportmultipleconcurrentdevicesaccessingnetworkresourcesthroughthenetworknodetheycreate.Atypicalwirelessaccesspointisshownhere.
•Atypicalwirelessaccesspoint
Topreventunauthorizedwirelessaccesstothenetwork,configurationofremoteaccessprotocolstoawirelessaccesspointiscommon.Forcingauthenticationandverifyingauthorizationisaseamlessmethodofperformingbasicnetworksecurityforconnectionsinthisfashion.TheseaccessprotocolsarecoveredinChapter11.
Severalmechanismscanbeusedtoaddwirelessfunctionalitytoamachine.ForPCs,thiscanbedoneviaanexpansioncard.Fornotebooks,aPCMCIAadapterforwirelessnetworksisavailablefromseveralvendors.ForbothPCsandnotebooks,vendorshaveintroducedUSB-basedwirelessconnectors.Thefollowingillustrationshowsonevendor’scard—notetheextendedlengthusedasanantenna.Notallcardshavethesameconfiguration,althoughtheyallperformthesamefunction:toenableawirelessnetworkconnection.Thenumerouswirelessprotocols(802.11a,b,g,i,andn)arecoveredinChapter12.Wirelessaccesspointsandcardsmustbematchedbyprotocolforproperoperation.
ModemsModemswereonceaslowmethodofremoteconnectionthatwasusedtoconnectclientworkstationstoremoteservicesoverstandardtelephonelines.Modemisashortenedformofmodulator/demodulator,convertinganalogsignalstodigitalandviceversa.Connectingadigitalcomputersignaltotheanalogtelephonelinerequiredoneofthesedevices.Today,theuseofthetermhasexpandedtocoverdevicesconnectedtospecialdigitaltelephonelines—DSLmodems—andtocabletelevisionlines—cablemodems.Althoughthesedevicesarenotactuallymodemsinthetruesenseoftheword,thetermhasstuckthroughmarketingeffortsdirectedtoconsumers.DSLandcablemodemsofferbroadbandhigh-speedconnectionsandtheopportunityforcontinuousconnectionstotheInternet.Alongwiththesenewdesirablecharacteristicscomesomeundesirableones,however.Althoughtheybothprovidethesametypeofservice,cableandDSLmodemshavesomedifferences.ADSLmodemprovidesadirect
connectionbetweenasubscriber’scomputerandanInternetconnectionatthelocaltelephonecompany’sswitchingstation.Thisprivateconnectionoffersadegreeofsecurity,asitdoesnotinvolveotherssharingthecircuit.Cablemodemsaresetupinsharedarrangementsthattheoreticallycouldallowaneighbortosniffauser’scablemodemtraffic.
•AtypicalPCMCIAwirelessnetworkcard
Cablemodemsweredesignedtoshareapartylineintheterminalsignalarea,andthecablemodemstandard,DataOverCableServiceInterfaceSpecification(DOCSIS),wasdesignedtoaccommodatethisconcept.DOCSISincludesbuilt-insupportforsecurityprotocols,including
authenticationandpacketfiltering.Althoughthisdoesnotguaranteeprivacy,itpreventsordinarysubscribersfromseeingothers’trafficwithoutusingspecializedhardware.Figure10.7isamoderncablemodem.Ithasanimbeddedwireless
accesspoint,aVoIPconnection,alocalrouter,andDHCPserver.Thesizeofthedeviceisfairlylarge,butithasabuilt-inlead-acidbatterytoprovideVoIPservicewhenpowerisout.
•Figure10.7Moderncablemodem
BothcableandDSLservicesaredesignedforacontinuousconnection,whichbringsupthequestionofIPaddresslifeforaclient.AlthoughsomeservicesoriginallyusedastaticIParrangement,virtuallyallhavenowadoptedtheDynamicHostConfigurationProtocol(DHCP)tomanagetheiraddressspace.AstaticIPaddresshasanadvantageofremainingthesameandenablingconvenientDNSconnectionsforoutsideusers.AscableandDSLservicesareprimarilydesignedforclientservicesasopposedtohostservices,thisisnotarelevantissue.AsecurityissueofastaticIPaddressisthatitisastationarytargetforhackers.ThemovetoDHCPhasnotsignificantlylessenedthisthreat,however,becausethetypicalIPleaseonacablemodemDHCPserverisfordays.Thisisstillrelativelystationary,andsomeformoffirewallprotectionneedstobeemployedbytheuser.
Cable/DSLSecurityThemodemequipmentprovidedbythesubscriptionserviceconvertsthecableorDSLsignalintoastandardEthernetsignalthatcanthenbeconnectedtoaNIContheclientdevice.Thisisstilljustadirectnetworkconnection,withnosecuritydeviceseparatingthetwo.Themostcommonsecuritydeviceusedincable/DSLconnectionsisarouterthatactsasahardwarefirewall.Thefirewall/routerneedstobeinstalledbetweenthecable/DSLmodemandclientcomputers.
TelephonyAprivatebranchexchange(PBX)isanextensionofthepublictelephonenetworkintoabusiness.Althoughtypicallyconsideredseparateentitiesfromdatasystems,PBXsarefrequentlyinterconnectedandhavesecurityrequirementsaspartofthisinterconnection,aswellassecurityrequirementsoftheirown.PBXsarecomputer-basedswitchingequipment
designedtoconnecttelephonesintothelocalphonesystem.Basicallydigitalswitchingsystems,theycanbecompromisedfromtheoutsideandusedbyphonehackers(phreakers)tomakephonecallsatthebusiness’sexpense.Althoughthistypeofhackinghasdecreasedasthecostoflong-distancecallinghasdecreased,ithasnotgoneaway,andasseveralfirmslearneveryyear,voicemailboxesandPBXscanbecompromisedandthelong-distancebillscangetveryhigh,veryfast.
TechTip
CoexistingCommunicationsDataandvoicecommunicationshavecoexistedinenterprisesfordecades.RecentconnectionsinsidetheenterpriseofVoiceoverIP(VoIP)andtraditionalprivatebranchexchange(PBX)solutionsincreasebothfunctionalityandsecurityrisks.Specificfirewallstoprotectagainstunauthorizedtrafficovertelephonyconnectionsareavailabletocountertheincreasedrisk.
AnotherproblemwithPBXsariseswhentheyareinterconnectedtothedatasystems,eitherbycorporateconnectionorbyroguemodemsinthehandsofusers.Ineithercase,apathexistsforconnectiontooutsidedatanetworksandtheInternet.Justasafirewallisneededforsecurityondataconnections,oneisneededfortheseconnectionsaswell.TelecommunicationsfirewallsareadistincttypeoffirewalldesignedtoprotectboththePBXandthedataconnections.Thefunctionalityofatelecommunicationsfirewallisthesameasthatofadatafirewall:itistheretoenforcesecuritypolicies.Telecommunicationsecuritypoliciescanbeenforcedeventocoverhoursofphoneuse,topreventunauthorizedlong-distanceusagethroughtheimplementationofaccesscodesand/orrestrictedservicehours.
VPNConcentratorAvirtualprivatenetwork(VPN)isaconstructusedtoprovideasecure
communicationchannelbetweenusersacrosspublicnetworkssuchastheInternet.ThemostcommonimplementationofVPNisviaIPsec,aprotocolforIPsecurity.IPsecismandatedinIPv6andisoptionalinIPv4.IPseccanbeimplementedinhardware,software,oracombinationofbothandisusedtoencryptallIPtraffic.InChapter11,avarietyoftechniquesaredescribedthatcanbeemployedtoinstantiateaVPNconnection.Theuseofencryptiontechnologiesallowseitherthedatainapackettobeencryptedortheentirepackettobeencrypted.Ifthedataisencrypted,thepacketheadercanstillbesniffedandobservedbetweensourceanddestination,buttheencryptionprotectsthecontentsofthepacketfrominspection.Iftheentirepacketisencrypted,itisthenplacedintoanotherpacketandsentviatunnelacrossthepublicnetwork.Tunnelingcanprotecteventheidentityofthecommunicatingparties.
ExamTip:AVPNconcentratorisahardwaredevicedesignedtoactasaVPNendpoint,managingVPNconnectionstoanenterprise.
SecurityDevicesTherearearangeofsecuritydevicesthatcanbeemployedatthenetworklayertoinstantiatesecurityfunctionalityinthenetworklayer.Devicescanbeusedforintrusiondetection,networkaccesscontrol,andawiderangeofothersecurityfunctions.Eachdevicehasaspecificnetworkfunctionandplaysaroleinmaintainingnetworkinfrastructuresecurity.
IntrusionDetectionSystemsIntrusiondetectionsystems(IDSs)areanimportantelementofinfrastructuresecurity.IDSsaredesignedtodetect,log,andrespondtounauthorizednetworkorhostuse,bothinrealtimeandafterthefact.IDSs
areavailablefromawideselectionofvendorsandareanessentialpartofacomprehensivenetworksecurityprogram.Thesesystemsareimplementedusingsoftware,butinlargenetworksorsystemswithsignificanttrafficlevels,dedicatedhardwareistypicallyrequiredaswell.IDSscanbedividedintotwocategories:network-basedsystemsandhost-basedsystems.
CrossCheckIntrusionDetectionFromanetworkinfrastructurepointofview,network-basedIDSscanbeconsideredpartofinfrastructure,whereashost-basedIDSsaretypicallyconsideredpartofacomprehensivesecurityprogramandnotnecessarilyinfrastructure.Twoprimarymethodsofdetectionareused:signature-basedandanomaly-based.IDSsarecoveredindetailinChapter13.
NetworkAccessControlNetworkscompriseconnectedworkstationsandservers.Managingsecurityonanetworkinvolvesmanagingawiderangeofissues,fromvariousconnectedhardwareandthesoftwareoperatingthesedevices.Assumingthatthenetworkissecure,eachadditionalconnectioninvolvesrisk.Managingtheendpointsonacase-by-casebasisastheyconnectisasecuritymethodologyknownasnetworkaccesscontrol.Twomaincompetingmethodologiesexistthatdealwithnetworkaccesscontrol:NetworkAccessProtection(NAP)isaMicrosofttechnologyforcontrollingnetworkaccessofacomputerhost,andNetworkAdmissionControl(NAC)isCisco’stechnologyforcontrollingnetworkadmission.
TechTip
NACandNAPInteroperabilityAlthoughMicrosoft’sNAPandCisco’sNACappeartobecompetingmethodologies,theyare
infactcomplementary.NAPallowsmuchfiner-graincontrolforWindows-baseddevices,whileNACisamoregeneral-purposemethodologyforcontrollingadmissionthroughedgedevices.Recognizinghowtheycanworktogether,MicrosoftandCiscohavedeployedguidesonhowtocombinethesetwosystems,preservingtheadvantagesandinvestmentsineach.
Microsoft’sNAPsystemisbasedonmeasuringthesystemhealthoftheconnectingmachine,includingpatchlevelsoftheOS,antivirusprotection,andsystempolicies.TheobjectivebehindNAPistoenforcepolicyandgovernancestandardsonnetworkdevicesbeforetheyarealloweddata-levelaccesstoanetwork.NAPwasfirstutilizedinWindowsXPServicePack3,WindowsVista,andWindowsServer2008,anditrequiresadditionalinfrastructureserverstoimplementthehealthchecks.Thesystemincludesenforcementagentsthatinterrogateclientsandverifyadmissioncriteria.AdmissioncriteriacanincludeclientmachineID,statusofupdates,andsoforth.UsingNAP,networkadministratorscandefinegranularlevelsofnetworkaccessbasedonmultiplecriteria;whoaclientis,whatgroupsaclientbelongsto,andthedegreetowhichthatclientiscompliantwithcorporateclienthealthrequirements.ThesehealthrequirementsincludeOSupdates,antivirusupdates,andcriticalpatches.Responseoptionsincluderejectionoftheconnectionrequestorrestrictionofadmissiontoasubnet.NAPalsoprovidesamechanismforautomaticremediationofclienthealthrequirementsandrestorationofnormalaccesswhenhealthy.Cisco’sNACsystemisbuiltaroundanappliancethatenforcespolicies
chosenbythenetworkadministrator.Aseriesofthird-partysolutionscaninterfacewiththeappliance,allowingtheverificationofmanydifferentoptions,includingclientpolicysettings,softwareupdates,andclientsecurityposture.Theuseofthird-partydevicesandsoftwaremakesthisanextensiblesystemacrossawiderangeofequipment.BothCiscoNACandMicrosoftNAPareintheirearlystagesof
widespreadimplementation,withonlylargeenterprisestypicallytakingthesesteps.Althoughtheyhavebeenavailableforover5years,theyarenotbeingembracedacrossmostfirms.Theconceptofautomatedadmissioncheckingbasedonclientdevicecharacteristicsisheretostay,as
itprovidestimelycontrolintheever-changingnetworkworldoftoday’senterprises.
NetworkMonitoring/DiagnosticAcomputernetworkitselfcanbeconsideredalargecomputersystem,withperformanceandoperatingissues.Justasacomputerneedsmanagement,monitoring,andfaultresolution,sodonetworks.SNMPwasdevelopedtoperformthisfunctionacrossnetworks.Theideaistoenableacentralmonitoringandcontrolcentertomaintain,configure,andrepairnetworkdevices,suchasswitchesandrouters,aswellasothernetworkservices,suchasfirewalls,IDSs,andremoteaccessservers.SNMPhassomesecuritylimitations,andmanyvendorshavedevelopedsoftwaresolutionsthatsitontopofSNMPtoprovidebettersecurityandbettermanagementtoolsuites.
SNMP,SimpleNetworkManagementProtocol,isapartoftheInternetProtocolsuiteofprotocols.Itisanopenstandard,designedfortransmissionofmanagementfunctionsbetweendevices.DonotconfusethiswithSMTP,SimpleMailTransferProtocol,whichisusedtotransfermailbetweenmachines.
Theconceptofanetworkoperationscenter(NOC)comesfromtheoldphonecompanynetworkdays,whencentralmonitoringcentersmonitoredthehealthofthetelephonenetworkandprovidedinterfacesformaintenanceandmanagement.Thissameconceptworkswellwithcomputernetworks,andcompanieswithmidsizeandlargernetworksemploythesamephilosophy.TheNOCallowsoperatorstoobserveandinteractwiththenetwork,usingtheself-reportingand,insomecases,self-healingnatureofnetworkdevicestoensureefficientnetworkoperation.Althoughgenerallyaboringoperationundernormalconditions,whenthingsstarttogowrong,asinthecaseofavirusorwormattack,theNOC
canbecomeabusyandstressfulplaceasoperatorsattempttoreturnthesystemtofullefficiencywhilenotinterruptingexistingtraffic.Asnetworkscanbespreadoutliterallyaroundtheworld,itisnot
feasibletohaveapersonvisiteachdeviceforcontrolfunctions.SoftwareenablescontrollersatNOCstomeasuretheactualperformanceofnetworkdevicesandmakechangestotheconfigurationandoperationofdevicesremotely.Theabilitytomakeremoteconnectionswiththisleveloffunctionalityisbothablessingandasecurityissue.Althoughthisallowsefficientnetworkoperationsmanagement,italsoprovidesanopportunityforunauthorizedentryintoanetwork.Forthisreason,avarietyofsecuritycontrolsareused,fromsecondarynetworkstoVPNsandadvancedauthenticationmethodswithrespecttonetworkcontrolconnections.Networkmonitoringisanongoingconcernforanysignificantnetwork.
Inadditiontomonitoringtrafficflowandefficiency,monitoringofsecurity-relatedeventsisnecessary.IDSsactmerelyasalarms,indicatingthepossibilityofabreachassociatedwithaspecificsetofactivities.Theseindicationsstillneedtobeinvestigatedandanappropriateresponseneedstobeinitiatedbysecuritypersonnel.Simpleitemssuchasportscansmaybeignoredbypolicy,butanactualunauthorizedentryintoanetworkrouter,forinstance,wouldrequireNOCpersonneltotakespecificactionstolimitthepotentialdamagetothesystem.Inanysignificantnetwork,coordinatingsystemchanges,dynamicnetworktrafficlevels,potentialsecurityincidents,andmaintenanceactivitiesisadauntingtaskrequiringnumerouspersonnelworkingtogether.Softwarehasbeendevelopedtohelpmanagetheinformationflowrequiredtosupportthesetasks.Suchsoftwarecanenableremoteadministrationofdevicesinastandardfashion,sothatthecontrolsystemscanbedevisedinahardwarevendor–neutralconfiguration.SNMPisthemainstandardembracedbyvendorstopermit
interoperability.AlthoughSNMPhasreceivedalotofsecurity-relatedattentionoflateduetovarioussecurityholesinitsimplementation,itisstillanimportantpartofasecuritysolutionassociatedwithnetworkinfrastructure.Manyusefultoolshavesecurityissues;thekeyisto
understandthelimitationsandtousethetoolswithincorrectboundariestolimittheriskassociatedwiththevulnerabilities.Blinduseofanytechnologywillresultinincreasedrisk,andSNMPisnoexception.Properplanning,setup,anddeploymentcanlimitexposuretovulnerabilities.Continuousauditingandmaintenanceofsystemswiththelatestpatchesisanecessarypartofoperationsandisessentialtomaintainingasecureposture.
LoadBalancersCertainsystems,suchasservers,aremorecriticaltobusinessoperationsandshouldthereforebetheobjectoffault-tolerancemeasures.Loadbalancersaredesignedtodistributetheprocessingloadovertwoormoresystems.Theyareusedtohelpimproveresourceutilizationandthroughputbutalsohavetheaddedadvantageofincreasingthefaulttoleranceoftheoverallsystemsinceacriticalprocessmaybesplitacrossseveralsystems.Shouldanyonesystemfail,theotherscanpickuptheprocessingitwashandling.
ProxiesProxiesservetomanageconnectionsbetweensystems,actingasrelaysforthetraffic.Proxiescanfunctionatthecircuitlevel,wheretheysupportmultipletraffictypes,ortheycanbeapplication-levelproxies,whicharedesignedtorelayspecificapplicationtraffic.AnHTTPproxycanmanageanHTTPconversationasitunderstandsthetypeandfunctionofthecontent.Application-specificproxiescanserveassecuritydevicesiftheyareprogrammedwithspecificrulesdesignedtoprovideprotectionagainstundesiredcontent.Thoughnotstrictlyasecuritytool,aproxyserver(orsimplyproxy)can
beusedtofilteroutundesirabletrafficandpreventemployeesfromaccessingpotentiallyhostilewebsites.Aproxyservertakesrequestsfromaclientsystemandforwardsthemtothedestinationserveronbehalfofthe
client,asshowninFigure10.8.Proxyserverscanbecompletelytransparent(theseareusuallycalledgatewaysortunnelingproxies),oraproxyservercanmodifytheclientrequestbeforesendingiton,orevenservetheclient’srequestwithoutneedingtocontactthedestinationserver.Severalmajorcategoriesofproxyserversareinuse:
•Figure10.8HTTPproxyhandlingclientrequestsandwebserverresponses
AnonymizingproxyAnanonymizingproxyisdesignedtohideinformationabouttherequestingsystemandmakeauser’swebbrowsingexperience“anonymous.”Thistypeofproxyserviceisoften
usedbyindividualswhoareconcernedabouttheamountofpersonalinformationbeingtransferredacrosstheInternetandtheuseoftrackingcookiesandothermechanismstotrackbrowsingactivity.
CachingproxyThistypeofproxykeepslocalcopiesofpopularclientrequestsandisoftenusedinlargeorganizationstoreducebandwidthusageandincreaseperformance.Whenarequestismade,theproxyserverfirstcheckstoseewhetherithasacurrentcopyoftherequestedcontentinthecache;ifitdoes,itservicestheclientrequestimmediatelywithouthavingtocontactthedestinationserver.Ifthecontentisoldorthecachingproxydoesnothaveacopyoftherequestedcontent,therequestisforwardedtothedestinationserver.
Content-filteringproxyContent-filteringproxiesexamineeachclientrequestandcompareittoanestablishedacceptableusepolicy(AUP).Requestscanusuallybefilteredinavarietyofways,includingbytherequestedURL,destinationsystem,ordomainnameorbykeywordsinthecontentitself.Content-filteringproxiestypicallysupportuser-levelauthentication,soaccesscanbecontrolledandmonitoredandactivitythroughtheproxycanbeloggedandanalyzed.Thistypeofproxyisverypopularinschools,corporateenvironments,andgovernmentnetworks.
OpenproxyAnopenproxyisessentiallyaproxythatisavailabletoanyInternetuserandoftenhassomeanonymizingcapabilitiesaswell.Thistypeofproxyhasbeenthesubjectofsomecontroversy,withadvocatesforInternetprivacyandfreedomononesideoftheargument,andlawenforcement,corporations,andgovernmententitiesontheotherside.Asopenproxiesareoftenusedtocircumventcorporateproxies,manycorporationsattempttoblocktheuseofopenproxiesbytheiremployees.
ReverseproxyAreverseproxyistypicallyinstalledontheserversideofanetworkconnection,ofteninfrontofagroupofwebservers.Thereverseproxyinterceptsallincomingwebrequestsandcanperformanumberoffunctions,includingtrafficfilteringandshaping,SSL
decryption,servingofcommonstaticcontentsuchasgraphics,andperformingloadbalancing.
WebproxyAwebproxyissolelydesignedtohandlewebtrafficandissometimescalledawebcache.Mostwebproxiesareessentiallyspecializedcachingproxies.
ExamTip:Aproxyserverisasystemorapplicationthatactsasago-betweenforclients’requestsfornetworkservices.Theclienttellstheproxyserverwhatitwantsand,iftheclientisauthorizedtohaveit,theproxyserverconnectstotheappropriatenetworkserviceandgetstheclientwhatitaskedfor.Webproxiesarethemostcommonlydeployedtypeofproxyserver.
Deployingaproxysolutionwithinanetworkenvironmentisusuallydoneeitherbysettinguptheproxyandrequiringallclientsystemstoconfiguretheirbrowserstousetheproxyorbydeployinganinterceptingproxythatactivelyinterceptsallrequestswithoutrequiringclient-sideconfiguration.Fromasecurityperspective,proxiesaremostusefulintheirabilityto
controlandfilteroutboundrequests.Bylimitingthetypesofcontentandwebsitesemployeescanaccessfromcorporatesystems,manyadministratorshopetoavoidlossofcorporatedata,hijackedsystems,andinfectionsfrommaliciouswebsites.AdministratorsalsouseproxiestoenforcecorporateAUPsandtrackuseofcorporateresources.Mostproxiescanbeconfiguredtoeitheralloworrequireindividualuserauthentication—thisgivesthemtheabilitytologandcontrolactivitybasedonspecificusersorgroups.Forexample,anorganizationmightwanttoallowthehumanresourcesgrouptobrowseFacebookduringbusinesshoursbutnotallowtherestoftheorganizationtodoso.
WebSecurityGatewaysSomesecurityvendorscombineproxyfunctionswithcontent-filtering
functionstocreateaproductcalledawebsecuritygateway.Websecuritygatewaysareintendedtoaddressthesecuritythreatsandpitfallsuniquetoweb-basedtraffic.Websecuritygatewaystypicallyprovidethefollowingcapabilities:
Real-timemalwareprotection(a.k.a.malwareinspection)Theabilitytoscanalloutgoingandincomingwebtraffictodetectandblockundesirabletrafficsuchasmalware,spyware,adware,maliciousscripts,file-basedattacks,andsoon.
ContentmonitoringTheabilitytomonitorthecontentofwebtrafficbeingexaminedtoensurethatitcomplieswithorganizationalpolicies.
ProductivitymonitoringTheabilitytomeasuretypesandquantitiesofwebtrafficthatisbeinggeneratedbyspecificusers,groupsofusers,ortheentireorganization.
DataprotectionandcomplianceScanningwebtrafficforsensitiveorproprietaryinformationbeingsentoutsideoftheorganizationaswellastheuseofsocialnetworksitesorinappropriatesites.
InternetContentFiltersWiththedramaticproliferationofInternettrafficandthepushtoprovideInternetaccesstoeverydesktop,manycorporationshaveimplementedcontent-filteringsystems,calledanInternetcontentfilter,toprotectthemfromemployees’viewingofinappropriateorillegalcontentattheworkplaceandthesubsequentcomplicationsthatoccurwhensuchviewingtakesplace.Internetcontentfilteringisalsopopularinschools,libraries,homes,governmentoffices,andanyotherenvironmentwherethereisaneedtolimitorrestrictaccesstoundesirablecontent.Inadditiontofilteringundesirablecontent,suchaspornography,somecontentfilterscanalsofilteroutmaliciousactivitysuchasbrowserhijackingattemptsorXSSattacks.Inmanycases,contentfilteringisperformedwithorasapartofaproxysolutionasthecontentrequestscanbefilteredandservicedby
thesamedevice.Contentcanbefilteredinavarietyofways,includingviatherequestedURL,thedestinationsystem,thedomainname,bykeywordsinthecontentitself,andbytypeoffilerequested.
Theterm“Internetcontentfilter”or“contentfilter”isappliedtoanydevice,application,orsoftwarepackagethatexaminesnetworktraffic(especiallywebtraffic)forundesirableorrestrictedcontent.AcontentfiltercouldbeasoftwarepackageloadedonaspecificPCoranetworkappliancecapableoffilteringanentireorganization’swebtraffic.
Content-filteringsystemsfacemanychallenges,becausetheever-changingInternetmakesitdifficulttomaintainlistsofundesirablesites(sometimecalledblacklists);termsusedonamedicalsitecanalsobeusedonapornographicsite,makingkeywordfilteringchallenging;anddeterminedusersarealwaysseekingwaystobypassproxyfilters.Tohelpadministrators,mostcommercialcontent-filteringsolutionsprovideanupdateservice,muchlikeIDSorantivirusproductsthatupdateskeywordsandundesirablesitesautomatically.
DataLossPreventionDatalossprevention(DLP)referstotechnologyemployedtodetectandpreventtransfersofdataacrossanenterprise.Employedatkeylocations,DLPtechnologycanscanpacketsforspecificdatapatterns.Thistechnologycanbetunedtodetectaccountnumbers,secrets,specificmarkers,orfiles.Whenspecificdataelementsaredetected,thesystemcanblockthetransfer.TheprimarychallengeinemployingDLPtechnologiesistheplacementofthesensor.TheDLPsensorneedstobeableobservethedata,soifthechannelisencrypted,DLPtechnologycanbethwarted.
UnifiedThreatManagementManysecurityvendorsoffer“all-in-onesecurityappliances,”whichare
devicesthatcombinemultiplefunctionsintothesamehardwareappliance.Mostcommonlythesefunctionsarefirewall,IDS/IPS,andantivirus,althoughall-in-oneappliancescanincludeVPNcapabilities,antispam,maliciouswebtrafficfiltering,antispyware,contentfiltering,trafficshaping,andsoon.All-in-oneappliancesareoftensoldasbeingcheaper,easiertomanage,andmoreefficientthanhavingseparatesolutionsthataccomplisheachofthefunctionstheall-in-oneapplianceiscapableofperforming.Acommonnamefortheseall-in-oneappliancesisaunifiedthreatmanagement(UTM)appliance.UsingaUTMsolutionsimplifiesthesecurityactivityasasingletask,underacommonsoftwarepackageforoperations.Thisreducesthelearningcurvetoasingletoolratherthanacollectionoftools.AUTMsolutioncanhavebetterintegrationandefficienciesinhandlingnetworktrafficandincidentsthanacollectionoftoolsconnectedtogether.Figure10.9illustratestheadvantagesofUTMprocessing.Ratherthan
processingelementsinalinearfashion,asshownin10.9a,thepacketsareprocessedinaparallelizedfashion(b).Thereisaneedtocoordinatebetweentheelementsandmanymodernsolutionsdothiswithparallelizedhardware.
•Figure10.9Unifiedthreatmanagementarchitecture
URLFilteringURLfiltersblockconnectionstowebsitesthatareinaprohibitedlist.TheuseofaUTMappliance,typicallybackedbyaservicetokeepthelistofprohibitedwebsitesupdated,providesanautomatedmeanstoblockaccesstositesdeemeddangerousorinappropriate.Becauseofthehighlyvolatilenatureofwebcontent,automatedenterprise-levelprotectionisneededtoensureareasonablechanceofblockingsourcesofinappropriate
content,malware,andothermaliciouscontent.
ContentInspectionInsteadofjustrelyingonaURLtodeterminetheacceptabilityofcontent,UTMappliancescanalsoinspecttheactualcontentbeingserved.Contentinspectionisusedtofilterwebrequeststhatreturncontentwithspecificcomponents,suchasnamesofbodyparts,musicorvideocontent,andothercontentthatisinappropriateforthebusinessenvironment.
MalwareInspectionMalwareisanotheritemthatcanbedetectedduringnetworktransmission,andUTMappliancescanbetunedtodetectmalware.Network-basedmalwaredetectionhastheadvantageofhavingtoupdateonlyasinglesystemasopposedtoallmachines.
MediaThebaseofcommunicationsbetweendevicesisthephysicallayeroftheOSImodel.Thisisthedomainoftheactualconnectionbetweendevices,whetherbywire,fiber,orradiofrequencywaves.Thephysicallayerseparatesthedefinitionsandprotocolsrequiredtotransmitthesignalphysicallybetweenboxesfromhigher-levelprotocolsthatdealwiththedetailsofthedataitself.Fourcommonmethodsareusedtoconnectequipmentatthephysicallayer:
Coaxialcable
Twisted-paircable
Fiber-optics
Wireless
CoaxialCableCoaxialcableisfamiliartomanyhouseholdsasamethodofconnectingtelevisionstoVCRsortosatelliteorcableservices.Itisusedbecauseofitshighbandwidthandshieldingcapabilities.Comparedtostandardtwisted-pairlinessuchastelephonelines,coaxialcable(“coax”)ismuchlesspronetooutsideinterference.Itisalsomuchmoreexpensivetorun,bothfromacost-per-footmeasureandfromacable-dimensionmeasure.Coaxcostsmuchmoreperfootthanstandardtwisted-pairwiresandcarriesonlyasinglecircuitforalargewirediameter.
•Acoaxconnector
AnoriginaldesignspecificationforEthernetconnections,coaxwasusedfrommachinetomachineinearlyEthernetimplementations.Theconnectorswereeasytouseandensuredgoodconnections,andthelimiteddistanceofmostofficeLANsdidnotcarryalargecostpenalty.Today,almostallofthisolderEthernetspecificationhasbeenreplacedbyfaster,cheapertwisted-pairalternatives,andtheonlyplaceyou’relikelytoseecoaxinadatanetworkisfromthecableboxtothecablemodem.
•Atypical8-wireUTPline
Becauseofitsphysicalnature,itispossibletodrillaholethroughtheouterpartofacoaxcableandconnecttothecenterconnector.Thisiscalleda“vampiretap”andisaneasymethodtogetaccesstothesignalanddatabeingtransmitted.
UTP/STPTwisted-pairwireshaveallbutcompletelyreplacedcoaxialcablesinEthernetnetworks.Twisted-pairwiresusethesametechnologyusedbythephonecompanyforthemovementofelectricalsignals.Singlepairsoftwistedwiresreduceelectricalcrosstalkandelectromagneticinterference.Multiplegroupsoftwistedpairscanthenbebundledtogetherincommongroupsandeasilywiredbetweendevices.
•Atypical8-wireSTPline
•AbundleofUTPwires
Twistedpairscomeintwotypes,shieldedandunshielded.Shieldedtwisted-pair(STP)hasafoilshieldaroundthepairstoprovideextrashieldingfromelectromagneticinterference.Unshieldedtwisted-pair(UTP)reliesonthetwisttoeliminateinterference.UTPhasacostadvantageoverSTPandisusuallysufficientforconnections,exceptinverynoisyelectricalareas.
Twisted-pairlinesarecategorizedbythelevelofdatatransmissiontheycansupport.Threecurrentcategoriesareinuse:
Category3(Cat3)Minimumforvoiceand10-MbpsEthernet.Category5(Cat5/Cat5e)For100-MbpsFastEthernet;Cat5eisanenhancedversionoftheCat5specificationtoaddressfar-endcrosstalkandissuitablefor1000Mbps.
Category6(Cat6/Cat6a)For10-GigabitEthernetovershortdistances;Cat6aisusedforlonger,upto100m,10-Gbpscables.
Thestandardmethodforconnectingtwisted-paircablesisviaan8-pinconnector,calledanRJ-45connectorthatlookslikeastandardphonejackconnectorbutisslightlylarger.Oneniceaspectoftwisted-paircablingisthatit’seasytospliceandchangeconnectors.ManyanetworkadministratorhasmadeEthernetcablesfromstockCat-5wire,twoconnectors,andacrimpingtool.Thiseaseofconnectionisalsoasecurityissue;becausetwisted-paircablesareeasytospliceinto,rogueconnectionsforsniffingcouldbemadewithoutdetectionincableruns.Bothcoaxandfiberaremuchmoredifficulttosplicebecauseeachrequiresataptoconnect,andtapsareeasiertodetect.
FiberFiber-opticcableusesbeamsoflaserlighttoconnectdevicesoverathinglasswire.Thebiggestadvantagetofiberisitsbandwidth,withtransmissioncapabilitiesintotheterabitspersecondrange.Fiber-opticcableisusedtomakehigh-speedconnectionsbetweenserversandisthebackbonemediumoftheInternetandlargenetworks.Forallofitsspeedandbandwidthadvantages,fiberhasonemajordrawback—cost.Thecostofusingfiberisatwo-edgedsword.Whenmeasuredby
bandwidth,usingfiberischeaperthanusingcompetingwiredtechnologies.Thelengthofrunsoffibercanbemuchlonger,andthedatacapacityoffiberismuchhigher.Butconnectionstoafiberaredifficult
andexpensive,andfiberisimpossibletosplice.Makingthepreciseconnectionontheendofafiber-opticlineisahighlyskilledjobandisdonebyspeciallytrainedprofessionalswhomaintainalevelofproficiency.Oncetheconnectorisfittedontheend,severalformsofconnectorsandblocksareused,asshownintheimagesabove.
•Atypeoffiberterminator
•Atypicalfiber-opticfiber,terminator,andconnectorblock
Splicingfiberispracticallyimpossible;thesolutionistoaddconnectorsandconnectthrougharepeater.Thisaddstothesecurityoffiberinthatunauthorizedconnectionsareallbutimpossibletomake.Thehighcostofconnectionstofiberandthehighercostoffiberperfootalsomakeitlessattractiveforthefinalmileinpublicnetworkswhereusersareconnectedtothepublicswitchingsystems.Forthisreason,cablecompaniesusecoaxandDSLprovidersusetwisted-pairtohandlethe“lastmile”scenario.
UnguidedMedia
Electromagneticwaveshavebeentransmittedtoconveysignalsliterallysincetheinceptionofradio.Unguidedmediaisaphraseusedtocoveralltransmissionmedianotguidedbywire,fiber,orotherconstraints;itincludesradiofrequency,infrared,andmicrowavemethods.Unguidedmediahaveoneattributeincommon:theyareunguidedandassuchcantraveltomanymachinessimultaneously.Transmissionpatternscanbemodulatedbyantennas,butthetargetmachinecanbeoneofmanyinareceptionzone.Assuch,securityprinciplesareevenmorecritical,astheymustassumethatunauthorizedusershaveaccesstothesignal.
InfraredInfrared(IR)isabandofelectromagneticenergyjustbeyondtheredendofthevisiblecolorspectrum.IRhasbeenusedinremote-controldevicesforyears.IRmadeitsdebutincomputernetworkingasawirelessmethodtoconnecttoprinters.Nowthatwirelesskeyboards,wirelessmice,andmobiledevicesexchangedataviaIR,itseemstobeeverywhere.IRcanalsobeusedtoconnectdevicesinanetworkconfiguration,butitisslowcomparedtootherwirelesstechnologies.IRcannotpenetratewallsbutinsteadbouncesoffthem.Norcanitpenetrateothersolidobjects,soifyoustackafewitemsinfrontofthetransceiver,thesignalislost.
RF/MicrowaveTheuseofradiofrequency(RF)wavestocarrycommunicationsignalsgoesbacktothebeginningofthe20thcentury.RFwavesareacommonmethodofcommunicatinginawirelessworld.Theyuseavarietyoffrequencybands,eachwithspecialcharacteristics.ThetermmicrowaveisusedtodescribeaspecificportionoftheRFspectrumthatisusedforcommunicationandothertasks,suchascooking.Point-to-pointmicrowavelinkshavebeeninstalledbymanynetwork
providerstocarrycommunicationsoverlongdistancesandroughterrain.Manydifferentfrequenciesareusedinthemicrowavebandsformanydifferentpurposes.Today,homeuserscanusewirelessnetworkingthroughouttheirhouseandenablelaptopstosurftheWebwhilethey’re
movedaroundthehouse.Corporateusersareexperiencingthesamephenomenon,withwirelessnetworkingenablingcorporateuserstochecke-mailonlaptopswhileridingashuttlebusonabusinesscampus.ThesewirelesssolutionsarecoveredindetailinChapter12.
TechTip
WirelessOptionsTherearenumerousradio-basedalternativesforcarryingnetworktraffic.Theyvaryincapacity,distance,andotherfeatures.CommonlyfoundexamplesareWiFi,WiMAX,ZigBee,Bluetooth,900MHz,andNFC.UnderstandingthesecurityrequirementsassociatedwitheachisimportantandiscoveredinmoredetailinChapter12.
OnekeyfeatureofmicrowavecommunicationsisthatmicrowaveRFenergycanpenetratereasonableamountsofbuildingstructure.Thisallowsyoutoconnectnetworkdevicesinseparaterooms,anditcanremovetheconstraintsonequipmentlocationimposedbyfixedwiring.Anotherkeyfeatureisbroadcastcapability.Byitsnature,RFenergyisunguidedandcanbereceivedbymultipleuserssimultaneously.Microwavesallowmultipleusersaccessinalimitedarea,andmicrowavesystemsareseeingapplicationasthelastmileoftheInternetindensemetropolitanareas.Point-to-multipointmicrowavedevicescandeliverdatacommunicationtoallthebusinessusersinadowntownmetropolitanareathroughrooftopantennas,reducingtheneedforexpensivebuilding-to-buildingcables.Justasmicrowavescarrycellphoneandotherdatacommunications,thesametechnologiesofferamethodtobridgethelast-milesolution.The“lastmile”problemistheconnectionofindividualconsumerstoa
backbone,anexpensivepropositionbecauseofthesheernumberofconnectionsandunsharedlineatthispointinanetwork.Again,costisanissue,astransceiverequipmentisexpensive,butindenselypopulatedareas,suchasapartmentsandofficebuildingsinmetropolitanareas,theuserdensitycanhelpdefrayindividualcosts.Speedoncommercialmicrowavelinkscanexceed10Gbps,sospeedisnotaproblemfor
connectingmultipleusersorforhigh-bandwidthapplications.
RemovableMediaOneconceptcommontoallcomputerusersisdatastorage.Sometimesstorageoccursonafileserverandsometimesitoccursonmovablemedia,allowingittobetransportedbetweenmachines.Movingstoragemediarepresentsasecurityriskfromacoupleofangles,thefirstbeingthepotentiallossofcontroloverthedataonthemovingmedia.Secondistheriskofintroducingunwanteditems,suchasavirusoraworm,whenthemediaareattachedbacktoanetwork.Bothoftheseissuescanberemediedthroughpoliciesandsoftware.Thekeyistoensurethatthepoliciesareenforcedandthesoftwareiseffective.Todescribemedia-specificissues,mediacanbedividedintothreecategories:magnetic,optical,andelectronic.
Removableandtransportablemediamakethephysicalsecurityofthedataamoredifficulttask.Theonlysolutiontothisproblemisencryption,whichiscoveredinChapter5.
MagneticMediaMagneticmediastoredatathroughtherearrangementofmagneticparticlesonanonmagneticsubstrate.Commonformsincludeharddrives,floppydisks,zipdisks,andmagnetictape.Althoughthespecificformatcandiffer,thebasicconceptisthesame.Allthesedevicessharesomecommoncharacteristics:Eachhassensitivitytoexternalmagneticfields.Attachafloppydisktotherefrigeratordoorwithamagnetifyouwanttotestthesensitivity.Theyarealsoaffectedbyhightemperatures,asinfires,andbyexposuretowater.
HardDrivesHarddrivesusedtorequirelargemachinesinmainframes.Nowtheyaresmallenoughtoattachtomobiledevices.Theconceptsremainthesameamongallofthem:aspinningplatterrotatesthemagneticmediabeneathheadsthatreadthepatternsintheoxidecoating.Asdriveshavegottensmallerandrotationspeedshaveincreased,thecapacitieshavealsogrown.Todaygigabytesofdatacanbestoredinadeviceslightlylargerthanabottlecap.Portableharddrivesinthe1TBto3TBrangearenowavailableandaffordable.
•2TBUSBharddrive
Oneofthesecuritycontrolsavailabletohelpprotecttheconfidentialityofthedataisfulldriveencryptionbuiltintothedrivehardware.Usingakeythatiscontrolled,throughaTrustedPlatformModule(TPM)interface
forinstance,thistechnologyprotectsthedataifthedriveitselfislostorstolen.ThismaynotbeimportantifathieftakesthewholePC,butinlargerstorageenvironments,drivesareplacedinseparateboxesandremotelyaccessed.Inthespecificcaseofnotebookmachines,thislayercanbetiedtosmartcardinterfacestoprovidemoresecurity.Asthisisbuiltintothecontroller,encryptionprotocolssuchasAdvancedEncryptionStandard(AES)andTripleDataEncryptionStandard(3DES)canbeperformedatfulldrivespeed.
DiskettesFloppydiskswerethecomputerindustry’sfirstattemptatportablemagneticmedia.Themovablemediumwasplacedinaprotectivesleeve,andthedriveremainedinthemachine.Capacitiesupto1.4MBwereachieved,butthefragilityofthedeviceasthesizeincreased,aswellascompetingmedia,hasrenderedfloppiesalmostobsolete.Diskettesarepartofhistorynow.
TapeMagnetictapehasheldaplaceincomputercenterssincethebeginningofcomputing.Itsprimaryusehasbeenbulkofflinestorageandbackup.Tapefunctionswellinthisrolebecauseofitslowcost.Thedisadvantageoftapeisitsnatureasaserialaccessmedium,makingitslowtoworkwithforlargequantitiesofdata.Severaltypesofmagnetictapeareinusetoday,rangingfromquarterinchtodigitallineartape(DLT)anddigitalaudiotape(DAT).Thesecartridgescanholdupwardof60GBofcompresseddata.Tapesarestillamajorconcernfromasecurityperspective,astheyare
usedtobackupmanytypesofcomputersystems.Thephysicalprotectionaffordedthetapesisofconcern,becauseifatapeisstolen,anunauthorizedusercouldestablishanetworkandrecoveryourdataonhissystem,becauseit’sallstoredonthetape.Offsitestorageisneededforproperdisasterrecoveryprotection,butsecureoffsitestorageandtransportiswhatisreallyneeded.Thisimportantissueisfrequentlyoverlookedin
manyfacilities.Thesimplesolutiontomaintaincontroloverthedataevenwhenyoucan’tcontrolthetapeisthroughencryption.Backuputilitiescansecurethebackupswithencryption,butthisoptionisfrequentlynotused,foravarietyofreasons.Regardlessoftherationalefornotencryptingdata,onceatapeislost,notusingtheencryptionoptionbecomesalamenteddecision.
•Amagnetictapecartridgeforbackups
OpticalMediaOpticalmediainvolvetheuseofalasertoreaddatastoredonaphysical
device.Insteadofhavingamagneticheadthatpicksupmagneticmarksonadisk,alaserpicksupdeformitiesembeddedinthemediathatcontaintheinformation.Aswithmagneticmedia,opticalmediacanberead-write,althoughtheread-onlyversionisstillmorecommon.
CD-R/DVDThecompactdisc(CD)tookthemusicindustrybystorm,andthenittookthecomputerindustrybystormaswell.AstandardCDholdsmorethan640MBofdata,insomecasesupto800MB.Thedigitalvideodisc(DVD)canholdalmost5GBofdatasinglesided,8.5GBduallayer.Thesedevicesoperateasopticalstorage,withlittlemarksburnedinthemtorepresent1’sand0’sonamicroscopicscale.ThemostcommontypeofCDistheread-onlyversion,inwhichthedataiswrittentothedisconceandonlyreadafterward.Thishasbecomeapopularmethodfordistributingcomputersoftware,althoughhigher-capacityDVDshavereplacedCDsforprogramdistribution.
•ADVD(left)andCD(right)
Asecond-generationdevice,therecordablecompactdisc(CD-R),allowsuserstocreatetheirownCDsusingaburnerdeviceintheirPCandspecialsoftware.Userscannowbackupdata,maketheirownaudioCDs,anduseCDsashigh-capacitystorage.Theirrelativelylowcosthasmadethemeconomicaltouse.CDshaveathinlayerofaluminuminsidetheplastic,uponwhichbumpsareburnedbythelaserwhenrecorded.CD-Rsuseareflectivelayer,suchasgold,uponwhichadyeisplacedthatchangesuponimpactbytherecordinglaser.Anewertype,CD-RW,hasadifferentdyethatallowsdiscstobeerasedandreused.ThecostofthemediaincreasesfromCD,toCD-R,toCD-RW.
Blu-rayDiscsThelatestversionofopticaldiscistheBlu-raydisc.Usingasmaller,violet-bluelaser,thissystemcanholdsignificantlymoreinformationthanaDVD.Blu-raydiscscanholdupto128GBinfourlayers.ThetransferspeedofBlu-rayat>48MbpsisoverfourtimesgreaterthanthatofDVDsystems.Designedforhigh-definition(HD)video,Blu-rayofferssignificantstoragefordataaswell.
TechTip
BackupLifetimesAcommonmisconceptionisthatdatabackedupontomagneticmediawilllastforlongperiodsoftime.Althoughoncetoutedaslastingdecades,modernmicro-encodingmethodsareprovinglessdurablethanexpected,sometimeswithlifetimeslessthantenyears.Asecondaryproblemismaintainingoperatingsystemaccessviadriverstolegacyequipment.Astechnologymovesforward,findingdriversforten-year-oldtapedrivesforWindows7orthelatestversionofLinuxwillprovetobeamajorhurdle.
DVDsnowoccupythesamerolethatCDshaveintherecentpast,exceptthattheyholdmorethanseventimesthedataofaCD.Thismakesfull-lengthmovierecordingpossibleonasingledisc.TheincreasedcapacitycomesfromfinertolerancesandthefactthatDVDscanholddata
onbothsides.AwiderangeofformatsforDVDsincludeDVD+R,DVD-R,duallayer,andnowHDformats,HD-DVDandBlu-ray.Thisvarietyisduetocompeting“standards”andcanresultinconfusion.DVD+Rand-Raredistinguishableonlywhenrecording,andmostdevicessince2004shouldreadboth.Duallayersaddadditionalspacebutrequireappropriatedual-layer–enableddrives.
ElectronicMediaThelatestformofremovablemediaiselectronicmemory.Electroniccircuitsofstaticmemory,whichcanretaindataevenwithoutpower,fillanichewherehighdensityandsmallsizeareneeded.Originallyusedinaudiodevicesanddigitalcameras,theseelectronicmediacomeinavarietyofvendor-specifictypes,suchassmartcards,SmartMedia,SDcards,flashcards,memorysticks,andCompactFlashdevices.Thesememorydevicesrangefromsmallcard-likedevices,ofwhichmicroSDcardsaresmallerthandimesandhold2GB,toUSBsticksthatholdupto64GB.Thesedevicesarebecomingubiquitous,withnewPCsandnetbookscontainingbuilt-inslotstoreadthemlikeanyotherstoragedevice.
•SD,microSD,andCompactFlashcards
Althoughtheyareusedprimarilyforphotosandmusic,thesedevicescouldbeusedtomoveanydigitalinformationfromonemachinetoanother.Toamachineequippedwithaconnectorport,thesedeviceslooklikeanyotherfilestoragelocation.TheycanbeconnectedtoasystemthroughaspecialreaderordirectlyviaaUSBport.InnewerPCsystems,aUSBbootdevicehasreplacedtheolderfloppydrive.Thesedevicesaresmall,canholdasignificantamountofdata—over128GBattimeofwriting—andareeasytomovefrommachinetomachine.Anothernovelinterfaceisamousethathasaslotforamemorystick.Thisdual-purposedeviceconservesspace,conservesUSBports,andiseasytouse.Thememorystickisplacedinthemouse,whichcanthenbeusednormally.Thestickiseasilyremovableandtransportable.Themouseworkswithorwithoutthememorystick;itisjustaconvenientdevicetouseforaportal.
Theadventoflarge-capacityUSBstickshasenableduserstobuildentiresystems,OSs,andtoolsontothemtoensuresecurityandveracityoftheOSandtools.Withtheexpandinguseofvirtualization,ausercouldcarryanentiresystemonaUSBstickandbootitusingvirtuallyanyhardware.WithUSB3.0andits640-Mbpsspeeds,thisisahighlyversatileformofmemorythatenablesmanynewcapabilities.
•128GBUSB3.0memorystick
Solid-StateHardDrivesWiththeriseofsolid-statememorytechnologiescomesasolid-state“harddrive.”Solid-statedrives(SSDs)aremovingintomobiledevices,desktops,andevenservers.Memorydensitiesaresignificantlybeyondphysicaldrives,therearenomovingpartstowearoutorfail,andSSDshavevastlysuperiorperformancespecifications.Figure10.10showsa512GBSSDfromalaptop,onahalf-heightminicardmSATAinterface.Theonlyfactorthathasslowedthespreadofthistechnologyhasbeencost,butrecentcostreductionshavemadethisformofmemoryafirst
choiceinmanysystems.
Figure10.10 512GBsolid-statehalf-heightminicard
SecurityConcernsforTransmissionMediaTheprimarysecurityconcernforasystemadministratorhastobe
preventingphysicalaccesstoaserverbyanunauthorizedindividual.Suchaccesswillalmostalwaysspelldisaster,forwithdirectaccessandthecorrecttools,anysystemcanbeinfiltrated.Oneoftheadministrator’snextmajorconcernsshouldbepreventingunfetteredaccesstoanetworkconnection.Accesstoswitchesandroutersisalmostasbadasdirectaccesstoaserver,andaccesstonetworkconnectionswouldrankthirdintermsofworst-casescenarios.Preventingsuchaccessiscostly,yetthecostofreplacingaserverbecauseoftheftisalsocostly.
PhysicalSecurityConcernsAbalancedapproachisthemostsensibleapproachwhenaddressingphysicalsecurity,andthisappliestotransmissionmediaaswell.Keepingnetworkswitchroomssecureandcablerunssecureseemsobvious,butcasesofusingjanitorialclosetsforthisvitalbusinesspurposeabound.Oneofthekeystomountingasuccessfulattackonanetworkisinformation.Usernames,passwords,serverlocations—allofthesecanbeobtainedifsomeonehastheabilitytoobservenetworktrafficinaprocesscalledsniffing.Asniffercanrecordallthenetworktraffic,andthisdatacanbeminedforaccounts,passwords,andtrafficcontent,allofwhichcanbeusefultoanunauthorizeduser.Onestartingpointformanyintrusionsistheinsertionofanunauthorizedsnifferintothenetwork,withthefruitsofitslaborsdrivingtheremainingunauthorizedactivities.Manycommonscenariosexistwhenunauthorizedentrytoanetworkoccurs,includingthese:
Insertinganodeandfunctionalitythatisnotauthorizedonthenetwork,suchasasnifferdeviceorunauthorizedwirelessaccesspoint
Modifyingfirewallsecuritypolicies
ModifyingACLsforfirewalls,switches,orrouters
Modifyingnetworkdevicestoechotraffictoanexternalnode
Networkdevicesandtransmissionmediabecometargetsbecausetheyaredispersedthroughoutanorganization,andphysicalsecurityofmanydisperseditemscanbedifficulttomanage.Althoughlimitingphysicalaccessisdifficult,itisessential.Theleastlevelofskillisstillmorethansufficienttoaccomplishunauthorizedentryintoanetworkifphysicalaccesstothenetworksignalsisallowed.Thisisonefactordrivingmanyorganizationstousefiber-optics,forthesecablesaremuchmoredifficulttotap.AlthoughmanytrickscanbeemployedwithswitchesandVLANstoincreasesecurity,itisstillessentialthatyoupreventunauthorizedcontactwiththenetworkequipment.
CrossCheckPhysicalInfrastructureSecurityThebestfirsteffortistosecuretheactualnetworkequipmenttopreventthistypeofintrusion.AsyoushouldrememberfromChapter8,physicalaccesstonetworkinfrastructureprovidesamyriadofissues,andmostofthemcanbecatastrophicwithrespecttosecurity.Physicallysecuringaccesstonetworkcomponentsisoneofthe“mustdos”ofacomprehensivesecurityeffort.
Wirelessnetworksmaketheintruder’staskeveneasier,astheytakethenetworktotheusers,authorizedornot.Atechniquecalledwar-drivinginvolvesusingalaptopandsoftwaretofindwirelessnetworksfromoutsidethepremises.Atypicaluseofwar-drivingistolocateawirelessnetworkwithpoor(orno)securityandobtainfreeInternetaccess,butotherusescanbemoredevastating.Asimplesolutionistoplaceafirewallbetweenthewirelessaccesspointandtherestofthenetworkandauthenticateusersbeforeallowingentry.BusinessusersuseVPNtechnologytosecuretheirconnectiontotheInternetandotherresources,andhomeuserscandothesamethingtopreventneighborsfrom“sharing”theirInternetconnections.Toensurethatunauthorizedtrafficdoesnotenteryournetworkthroughawirelessaccesspoint,youmusteitheruseafirewallwithanauthenticationsystemorestablishaVPN.
CloudComputingCloudcomputingisacommontermusedtodescribecomputerservicesprovidedoveranetwork.Thesecomputingservicesarecomputing,storage,applications,andservicesthatareofferedviatheInternetProtocol.Oneofthecharacteristicsofcloudcomputingistransparencytotheenduser.Thisimprovesusabilityofthisformofserviceprovisioning.Cloudcomputingoffersmuchtotheuser:improvementsinperformance,scalability,flexibility,security,andreliability,amongotheritems.Theseimprovementsareadirectresultofthespecificattributesassociatedwithhowcloudservicesareimplemented.Securityisaparticularchallengewhendataandcomputationare
handledbyaremoteparty,asincloudcomputing.Thespecificchallengeishowdoesoneallowdataoutsidetheirenterpriseandyetremainincontroloverhowthedataisused,andthecommonanswerisencryption.Byproperlyencryptingdatabeforeitleavestheenterprise,externalstoragecanstillbeperformedsecurely.Cloudscanbecreatedbymanyentities,internalandexternaltoan
organization.Commercialcloudservicesarealreadyavailableandofferedbyavarietyoffirms,aslargeasGoogleandAmazon,tosmaller,localproviders.Internalservicescanreplicatetheadvantagesofcloudcomputingwhileimprovingtheutilityoflimitedresources.Thepromiseofcloudcomputingisimprovedutilityand,assuch,ismarketedundertheconceptsofSoftwareasaService,PlatformasaService,andInfrastructureasaService.
PrivateIfyourorganizationishighlysensitivetosharingresources,youmaywishtoconsidertheuseofaprivatecloud.Privatecloudsareessentiallyreservedresourcesusedonlyforyourorganization—yourownlittlecloudwithinthecloud.Thisservicewillbeconsiderablymoreexpensive,butitshouldalsocarrylessexposureandshouldenableyourorganizationto
betterdefinethesecurity,processing,andhandlingofdatathatoccurswithinyourcloud.
PublicThetermpubliccloudreferstowhenthecloudserviceisrenderedoverasystemthatisopenforpublicuse.Inmostcases,thereislittleoperationaldifferencebetweenpublicandprivatecloudarchitectures,butthesecurityramificationscanbesubstantial.Althoughpubliccloudserviceswillseparateuserswithsecurityrestrictions,thedepthandleveloftheserestrictions,bydefinition,willbesignificantlylessinapubliccloud.
HybridAhybridcloudstructureisonewhereelementsarecombinedfromprivate,public,andcommunitycloudstructures.Whenexaminingahybridstructure,youneedtoremaincognizantthatoperationallythesedifferingenvironmentsmaynotactuallybejoined,butratherusedtogether.Sensitiveinformationcanbestoredintheprivatecloudandissue-relatedinformationcanbestoredinthecommunitycloud,allofwhichinformationisaccessedbyanapplication.Thismakestheoverallsystemahybridcloudsystem.
CommunityAcommunitycloudsystemisonewhereseveralorganizationswithacommoninterestshareacloudenvironmentforthespecificpurposesofthesharedendeavor.Forexample,localpublicentitiesandkeylocalfirmsmayshareacommunityclouddedicatedtoservingtheinterestsofcommunityinitiatives.Thiscanbeanattractivecost-sharingmechanismforspecificdata-sharinginitiatives.
ExamTip:BesureyouunderstandthedifferencesbetweencloudcomputingservicemodelsPlatformasaService,SoftwareasaService,andInfrastructureasaService.
SoftwareasaServiceSoftwareasaService(SaaS)istheofferingofsoftwaretoendusersfromwithinthecloud.Ratherthaninstallingsoftwareonclientmachines,SaaSactsassoftwareondemandwherethesoftwarerunsfromthecloud.Thishasseveraladvantages,asupdatesareoftenseamlesstoendusersandintegrationbetweencomponentsisenhanced.
PlatformasaServicePlatformasaService(PaaS)isamarketingtermusedtodescribetheofferingofacomputingplatforminthecloud.Multiplesetsofsoftware,workingtogethertoprovideservices,suchasdatabaseservices,canbedeliveredviathecloudasaplatform.
InfrastructureasaServiceInfrastructureasaService(IaaS)isatermusedtodescribecloud-basedsystemsthataredeliveredasavirtualplatformforcomputing.Ratherthanbuildingdatacenters,IaaSallowsfirmstocontractforutilitycomputingasneeded.
Chapter10Review
LabManualExerciseThefollowinglabexercisefromthecompanionlabmanual,PrinciplesofComputerSecurityLabManual,FourthEdition,providespracticalapplicationofmaterialcoveredinthischapter:
Lab7.3lConfiguringaPersonalFirewallinLinux
ChapterSummaryAfterreadingthischapterandcompletingtheexercises,youshouldunderstandthefollowingaspectsofnetworkingandsecureinfrastructures.
Constructnetworksusingdifferenttypesofnetworkdevices
Understandthedifferencesbetweenbasicnetworkdevices,suchashubs,bridges,switches,androuters.
Understandthesecurityimplicationsofnetworkdevicesandhowtoconstructasecurenetworkinfrastructure.
Enhancesecurityusingsecuritydevices
Understandtheuseoffirewalls,next-generationfirewalls,andintrusiondetectionsystems.
Understandtheroleofloadbalancersandproxyserversaspartofasecurenetworksolution.
Understandtheuseofsecurityappliances,suchaswebsecuritygateways,datalossprevention,andunifiedthreatmanagement.
EnhancesecurityusingNAC/NAPmethodologies
TheCiscoNACprotocolandtheMicrosoftNAPprotocolprovidesecurityfunctionalitywhenattachingdevicestoanetwork.
NACandNAPplayacrucialroleinthesecuringofinfrastructureasdevicesenterandleavethenetwork.
NACandNAPcanbeusedtogethertotakeadvantageofthestrengthsandinvestmentsineachtechnologytoformastrongnetworkadmissionmethodology.
Identifythedifferenttypesofmediausedtocarrynetworksignals
Guidedandunguidedmediacanbothcarrynetworktraffic.
Wiredtechnologyfromcoaxcable,throughtwisted-pairEthernet,providesacost-effectivemeansofcarryingnetworktraffic.
Fibertechnologyisusedtocarryhigherbandwidth.
Unguidedmedia,includinginfraredandRF(includingwirelessandBluetooth),provideshort-rangenetworkconnectivity.
Describethedifferenttypesofstoragemediausedtostoreinformation
Thereareawidearrayofremovablemediatypesfrommemorystickstoopticaldiscstoportabledrives.
Datastorageonremovablemedia,becauseofincreasedphysicalaccess,createssignificantsecurityimplications.
Usebasicterminologyassociatedwithnetworkfunctionsrelatedtoinformationsecurity
Understandingandusingthecorrectvocabularyfordevicenamesandrelationshipstonetworkingisimportantasasecurityprofessional.
Securityappliancesaddterminology,includingspecificitemsforIDSandfirewalls.
Describethedifferenttypesandusesofcloudcomputing
Understandthetypesofcloudsinuse.
UnderstandtheuseofSoftwareasaService,InfrastructureasaService,andPlatformasaService.
KeyTermsbasicpacketfiltering(261)bridge(257)cloudcomputing(283)coaxialcable(274)collisiondomain(257)concentrator(264)datalossprevention(DLP)(272)firewall(260)hub(257)InfrastructureasaService(IaaS)(284)Internetcontentfilter(272)loadbalancer(269)modem(265)networkaccesscontrol(267)NetworkAccessProtection(NAP)(267)NetworkAdmissionControl(NAC)(268)NetworkAttachedStorage(NAS)(255)networkinterfacecard(NIC)(256)networkoperationscenter(NOC)(268)next-generationfirewall(263)PlatformasaService(PaaS)(284)privatebranchexchange(PBX)(266)proxyserver(270)router(258)sandboxing(255)servers(253)
shieldedtwisted-pair(STP)(275)SoftwareasaService(SaaS)(284)solid-statedrive(SSD)(281)switch(257)unifiedthreatmanagement(UTM)(272)unshieldedtwisted-pair(UTP)(275)virtualization(254)websecuritygateway(271)wirelessaccesspoint(264)workstation(253)
KeyTermsQuizUsetermsfromtheKeyTermslisttocompletethesentencesthatfollow.Don’tusethesametermmorethanonce.Notalltermswillbeused.
1.A(n)_______________routespacketsbasedonIPaddresses.2.Tooffersoftwaretoendusersfromthecloudisaformof
_______________.
3.Toconnectacomputertoanetwork,youusea(n)_______________.
4.A(n)_______________or_______________distributestrafficbasedonMACaddresses.
5.Toverifythatacomputerisproperlyconfiguredtoconnecttoanetwork,thenetworkcanuse_______________.
6._______________isanameforthetypicalcomputerauserusesonanetwork.
7.A(n)_______________repeatsalldatatrafficacrossallconnectedports.
8.Cat5isanexampleof_______________cable.9.Basicpacketfilteringoccursatthe____________.
10.A(n)_______________isanextensionofthetelephoneserviceintoafirm’stelecommunicationsnetwork.
Multiple-ChoiceQuiz1.SwitchesoperateatwhichlayeroftheOSImodel?
A.Physicallayer
B.Networklayer
C.Datalinklayer
D.Applicationlayer
2.UTPcablesareterminatedforEthernetusingwhattypeofconnector?
A.ABNCplug
B.AnEthernetconnector
C.Astandardphonejackconnector
D.AnRJ-45connector
3.Coaxialcablecarrieshowmanyphysicalchannels?A.Two
B.Four
C.One
D.Noneoftheabove
4.Networkaccesscontrolisassociatedwithwhichofthefollowing?
A.NAP
B.IPsec
C.IPv6
D.NAT
5.Thepurposeoftwistingthewiresintwisted-paircircuitsisto:A.Increasespeed
B.Increasebandwidth
C.Reducecrosstalk
D.Alloweasiertracing
6.MicrosoftNAPpermits:A.Restrictionofconnectionstoarestrictedsubnetonly
B.CheckingofaclientOSpatchlevelbeforeanetworkconnectionispermitted
C.Denialofaconnectionbasedonclientpolicysettings
D.Alloftheabove
7.SNMPisaprotocolusedforwhichofthefollowingfunctions?A.Securee-mail
B.Secureencryptionofnetworkpackets
C.Remoteaccesstouserworkstations
D.Remoteaccesstonetworkinfrastructure
8.Firewallscanusewhichofthefollowingintheiroperation?A.Statefulpacketinspection
B.Portblockingtodenyspecificservices
C.NATtohideinternalIPaddresses
D.Alloftheabove
9.SMTPisaprotocolusedforwhichofthefollowingfunctions?A.E-mail
B.Secureencryptionofnetworkpackets
C.Remoteaccesstouserworkstations
D.Noneoftheabove
10.USB-basedflashmemoryischaracterizedby:A.Highcost
B.Lowcapacity
C.Slowaccess
D.Noneoftheabove
EssayQuiz1.Compareandcontrastroutersandswitchesbydescribingwhatthe
advantagesanddisadvantagesareofeach.
2.Describethecommonthreatstothetransmissionmediainanetwork,bytypeoftransmissionmedia.
LabProjects
•LabProject10.1UsingtwoPCsandasmallhomeoffice–typerouter,configurethemtocommunicateacrossthenetworkwitheachother.
•LabProject10.2DemonstratenetworkconnectivityusingWindowscommand-linetools.
chapter11 AuthenticationandRemoteAccess
WeshouldsetanationalgoalofmakingcomputersandInternetaccessavailableforeveryAmerican.
O
—WILLIAMJEFFERSONCLINTON
Inthischapter,youwilllearnhowto
Identifythedifferencesamonguser,group,androlemanagement
Implementpasswordanddomainpasswordpolicies
Describemethodsofaccountmanagement(SSO,timeofday,logicaltoken,accountexpiration)
Describemethodsofaccessmanagement(MAC,DAC,andRBAC)
Discussthemethodsandprotocolsforremoteaccesstonetworks
Identifyauthentication,authorization,andaccounting(AAA)protocols
Explainauthenticationmethodsandthesecurityimplicationsintheiruse
Implementvirtualprivatenetworks(VPNs)andtheirsecurityaspects
DescribeInternetProtocolSecurity(IPsec)anditsuseinsecuringcommunications
nsingle-usersystemssuchasPCs,theindividualusertypicallyhasaccesstomostofthesystem’sresources,processingcapability,andstoreddata.Onmultiusersystems,suchasserversandmainframes,an
individualusertypicallyhasverylimitedaccesstothesystemandthedatastoredonthatsystem.Anadministratorresponsibleformanagingandmaintainingthemultiusersystemhasmuchgreateraccess.Sohowdoesthecomputersystemknowwhichusersshouldhaveaccesstowhatdata?Howdoestheoperatingsystemknowwhatapplicationsauserisallowedtouse?Onearlycomputersystems,anyonewithphysicalaccesshadfairly
significantrightstothesystemandcouldtypicallyaccessanyfileorexecuteanyapplication.Ascomputersbecamemorepopularanditbecameobviousthatsomewayofseparatingandrestrictinguserswasneeded,theconceptsofusers,groups,andprivilegescameintobeing(privilegesmeanyouhavetheabilityto“dosomething”onacomputersystemsuchascreateadirectory,deleteafile,orrunaprogram).Theseconceptscontinuetobedevelopedandrefinedandarenowpartofwhat
wecallprivilegemanagement.Privilegemanagementistheprocessofrestrictingauser’sabilityto
interactwiththecomputersystem.Essentially,everythingausercandotoorwithacomputersystemfallsintotherealmofprivilegemanagement.Privilegemanagementoccursatmanydifferentpointswithinanoperatingsystemorevenwithinapplicationsrunningonaparticularoperatingsystem.Remoteaccessisanotherkeyissueformultiusersystemsintoday’s
worldofconnectedcomputers.Isolatedcomputers,notconnectedtonetworksortheInternet,arerareitemsthesedays.Exceptforsomespecial-purposemachines,mostcomputersneedinterconnectivitytofulfilltheirpurpose.Remoteaccessenablesusersoutsideanetworktohavenetworkaccessandprivilegesasiftheywereinsidethenetwork.Beingoutsideanetworkmeansthattheuserisworkingonamachinethatisnotphysicallyconnectedtothenetworkandmustthereforeestablishaconnectionthrougharemotemeans,suchasbydialingin,connectingviatheInternet,orconnectingthroughawirelessconnection.Authenticationistheprocessofestablishingauser’sidentitytoenable
thegrantingofpermissions.Toestablishnetworkconnections,avarietyofmethodsareused,thechoiceofwhichdependsonnetworktype,thehardwareandsoftwareemployed,andanysecurityrequirements.
User,Group,andRoleManagementTomanagetheprivilegesofmanydifferentpeopleeffectivelyonthesamesystem,amechanismforseparatingpeopleintodistinctentities(users)isrequired,soyoucancontrolaccessonanindividuallevel.Atthesametime,it’sconvenientandefficienttobeabletolumpuserstogetherwhengrantingmanydifferentpeople(groups)accesstoaresourceatthesametime.Atothertimes,it’susefultobeabletograntorrestrictaccessbasedonaperson’sjoborfunctionwithintheorganization(role).Whileyoucanmanageprivilegesonthebasisofusersalone,managinguser,group,androleassignmentstogetherisfarmoreconvenientandefficient.
TechTip
UserIDvs.UsernameTheterms“userID”and“username”aresometimesusedinterchangeably,buttraditionallythetermuserIDismoreoftenassociatedwithUNIXoperatingsystems.InUNIXoperatingsystems,eachuserisidentifiedbyanunsignedintegercalledauseridentifier,oftenshortenedtouserID.
UserThetermusergenerallyappliestoanypersonaccessingacomputersystem.Inprivilegemanagement,auserisasingleindividual,suchas“JohnForthright”or“SallyJenkins.”Thisisgenerallythelowestleveladdressedbyprivilegemanagementandthemostcommonareaforaddressingaccess,rights,andcapabilities.Whenaccessingacomputersystem,eachuserisgenerallygivenausername—auniquealphanumericidentifierheorshewillusetoidentifyhimselforherselfwhenloggingintooraccessingthesystem.Whendevelopingaschemeforselectingusernames,youshouldkeepinmindthatusernamesmustbeuniquetoeachuser,buttheymustalsobefairlyeasyfortheusertorememberanduse.
ExamTip:Ausernameisauniquealphanumericidentifierusedtoidentifyausertoacomputersystem.Permissionscontrolwhatauserisallowedtodowithobjectsonacomputersystem—whatfilestheycanopen,whatprinterstheycanuse,andsoon.InWindowssecuritymodels,permissionsdefinetheactionsausercanperformonanobject(openafile,deleteafolder,andsoon).Rightsdefinetheactionsausercanperformonthesystemitself,suchaschangethetime,adjustauditinglevels,andsoon.Rightsaretypicallyappliedtooperatingsystem–leveltasks.
Withsomenotableexceptions,ingeneralauserwhowantstoaccessacomputersystemmustfirsthaveausernamecreatedforhimonthesystem
hewishestouse.Thisisusuallydonebyasystemadministrator,securityadministrator,orotherprivilegeduser,andthisisthefirststepinprivilegemanagement—ausershouldnotbeallowedtocreatetheirownaccount.Oncetheaccountiscreatedandausernameisselected,the
administratorcanassignspecificpermissionstothatuser.Permissionscontrolwhattheuserisallowedtodowithobjectsonthesystem—whichfileshemayaccess,whichprogramshemayexecute,andsoon.WhilePCstypicallyhaveonlyoneortwouseraccounts,largersystemssuchasserversandmainframescanhavehundredsofaccountsonthesamesystem.Figure11.1showstheUsersmanagementtaboftheComputerManagementutilityonaWindowsServer2008system.Notethatseveraluseraccountshavebeencreatedonthissystem,eachidentifiedbyauniqueusername.
•Figure11.1UserstabonaWindowsServer2008system
Afew“special”useraccountsdon’ttypicallymatchupone-to-onewitharealperson.Theseaccountsarereservedforspecialfunctionsandtypicallyhavemuchmoreaccessandcontroloverthecomputersystemthantheaverageuseraccount.TwosuchaccountsaretheadministratoraccountunderWindowsandtherootaccountunderUNIX.Eachoftheseaccountsisalsoknownasthesuperuser—ifsomethingcanbedoneonthesystem,thesuperuserhasthepowertodoit.Theseaccountsarenottypicallyassignedtoaspecificindividualandarerestricted,accessedonlywhenthefullcapabilitiesofthataccountarerequired.
Auditinguseraccounts,groupmembership,andpasswordstrengthonaregularbasisisanextremelyimportantsecuritycontrol.Manycomplianceauditsfocusonthepresenceorlackofindustry-acceptedsecuritycontrols.
Duetothepowerpossessedbytheseaccounts,andthefew,ifany,restrictionsplacedonthem,theymustbeprotectedwithstrongpasswordsthatarenoteasilyguessedorobtained.Theseaccountsarealsothemostcommontargetsofattackers—iftheattackercangainrootaccessorassumetheprivilegelevelassociatedwiththerootaccount,shecanbypassmostaccesscontrolsandaccomplishanythingshewantsonthatsystem.
TechTip
GenericAccountsGenericaccountsareaccountswithoutanameduserbehindthem.Thesecanbeemployedforspecialpurposes,suchasrunningservicesandbatchprocesses,butbecausetheycannotbeattributedtoanindividual,theyshouldnothaveloginability.Itisalsoimportantthatiftheyhaveelevatedprivileges,theiractivitiesbecontinuallymonitoredastowhatfunctionstheyareperformingversuswhattheyareexpectedtobedoing.Generaluseofgenericaccountsshouldbeavoidedbecauseoftheincreasedriskassociatedwithnoattributioncapability.
Anotheraccountthatfallsintothe“special”categoryisthesystemaccountusedbyWindowsoperatingsystems.ThesystemaccounthasthesamefileprivilegesastheadministratoraccountandisusedbytheoperatingsystemandbyservicesthatrununderWindows.Bydefault,thesystemaccountisgrantedfullcontroltoallfilesonanNTFSvolume.ServicesandprocessesthatneedthecapabilitytologoninternallywithinWindowswillusethesystemaccount—forexample,theDNSServerandDHCPServerservicesinWindowsServer2008usetheLocalSystemaccount.
GroupUnderprivilegemanagement,agroupisacollectionofuserswithsomecommoncriteria,suchasaneedforaccesstoaparticulardatasetorgroupofapplications.Agroupcanconsistofoneuserorhundredsofusers,andeachusercanbelongtooneormoregroups.Figure11.2showsacommonapproachtogroupingusers—buildinggroupsbasedonjobfunction.
•Figure11.2Logicalrepresentationofgroups
Byassigningmembershipinaspecificgrouptoauser,youmakeitmucheasiertocontrolthatuser’saccessandprivileges.Forexample,if
everymemberoftheengineeringdepartmentneedsaccesstoproductdevelopmentdocuments,administratorscanplacealltheusersintheengineeringdepartmentinasinglegroupandallowthatgrouptoaccessthenecessarydocuments.Onceagroupisassignedpermissionstoaccessaparticularresource,addinganewusertothatgroupwillautomaticallyallowthatusertoaccessthatresource.Ineffect,theuser“inherits”thepermissionsofthegroupassoonassheisplacedinthatgroup.AsFigure11.3shows,acomputersystemcanhavemanydifferentgroups,eachwithitsownrightsandpermissions.
•Figure11.3GroupstabonaWindowsServer2008system
AsyoucanseefromthedescriptionfortheAdministratorsgroupinFigure11.3,thisgrouphascompleteandunrestrictedaccesstothesystem.
Thisincludesaccesstoallfiles,applications,anddatasets.AnyonewhobelongstotheAdministratorsgrouporisplacedinthisgroupwillhaveagreatdealofaccessandcontroloverthesystem.Someoperatingsystems,suchasWindows,havebuilt-ingroups—
groupsthatarealreadydefinedwithintheoperatingsystem,suchasAdministrators,PowerUsers,andEveryone.Thewholeconceptofgroupsrevolvesaroundmakingthetasksofassigningandmanagingpermissionseasier,andbuilt-ingroupscertainlyhelptomakethesetaskseasier.Individualusersaccountscanbeaddedtobuilt-ingroups,allowingadministratorstograntpermissionsetstousersquicklyandeasilywithouthavingtospecifypermissionsmanually.Forexample,addingauseraccountnamed“bjones”tothePowerUsersgroupgivesbjonesallthepermissionsassignedtothebuilt-inPowerUsersgroup,suchasinstallingdrivers,modifyingsettings,andinstallingsoftware.
RoleAnothercommonmethodofmanagingaccessandprivilegesisbyroles.Aroleisusuallysynonymouswithajoborsetoffunctions.Forexample,theroleofsecurityadmininMicrosoftSQLServermaybeappliedtosomeonewhoisresponsibleforcreatingandmanaginglogins,readingerrorlogs,andauditingtheapplication.Securityadminsneedtoaccomplishspecificfunctionsandneedaccesstocertainresourcesthatotherusersdonot—forexample,theyneedtobeabletocreateanddeletelogins,openandreaderrorlogs,andsoon.Ingeneral,anyoneservingintheroleofsecurityadminneedsthesamerightsandprivilegesaseveryothersecurityadmin.Forsimplicityandefficiency,rightsandprivilegescanbeassignedtotherolesecurityadmin,andanyoneassignedtofulfillthatroleautomaticallyhasthecorrectrightsandprivilegestoperformtherequiredtasks.
PasswordPolicies
Theusername/passwordcombinationisbyfarthemostcommonmeansofcontrollingaccesstoapplications,websites,andcomputersystems.Theaverageusermayhaveadozenormoreusernameandpasswordcombinationsbetweenschool,work,andpersonaluse.Tohelpusersselectagood,difficult-to-guesspassword,mostorganizationsimplementandenforceapasswordpolicy,whichtypicallyhasthefollowingcomponents:
TechTip
TOTPATime-basedOne-TimePassword(TOTP)generatorusesthecurrenttimeasoneoftheseedsinaone-timepassword.Thispreventsreplayattacksutilizingacapturedpassword.
PasswordconstructionHowmanycharactersapasswordshouldhave;theuseofcapitalization,numbers,andspecialcharacters;notbasingthepasswordonadictionarywordorpersonalinformation;notmakingthepasswordaslightmodificationofanexistingpassword;andsoon
ReuserestrictionsWhetherornotpasswordscanbereused,and,ifso,withwhatfrequency(howmanydifferentpasswordsmustyouusebeforeyoucanuseoneyou’veusedbefore)
DurationTheminimumandmaximumnumberofdaysapasswordcanbeusedbeforeitcanbechangedormustbechanged
ProtectionofpasswordsNotwritingdownpasswordswhereotherscanfindthem,notsavingpasswordsandnotallowingautomatedlogins,notsharingpasswordswithotherusers,andsoon
ConsequencesConsequencesassociatedwithviolationofornoncompliancewiththepolicy
TheSANSInstituteoffersseveralexamplesofpasswordpolicies(alongwithmanyothercommoninformationsecuritypolicies)onitswebsite
(www.sans.org—typepasswordpolicyintothesearchboxatthetopoftheSANSwebsite).Theoverallguidanceestablishedbytheorganization’ssecuritypolicyshouldberefinedintospecificguidancethatadministratorscanenforceattheoperatingsystemlevel.
ExamTip:Apasswordpolicyisasetofrulesdesignedtoenhancecomputersecuritybyrequiringuserstoemployandmaintainstrongpasswords.Adomainpasswordpolicyisapasswordpolicythatappliestoaspecificdomain.
DomainPasswordPolicyAdomainpasswordpolicyisapasswordpolicyforaspecificdomain.AsthesepoliciesareusuallyassociatedwiththeWindowsoperatingsystem,adomainpasswordpolicyisimplementedandenforcedonthedomaincontroller,whichisacomputerthatrespondstosecurityauthenticationrequests,suchasloggingintoacomputer,foraWindowsdomain.Thedomainpasswordpolicyusuallyfallsunderagrouppolicyobject(GPO)andhasthefollowingelements(seeFigure11.4):
•Figure11.4PasswordpolicyoptionsinWindowsLocalSecurityPolicy
EnforcepasswordhistoryTellsthesystemhowmanypasswordstorememberanddoesnotallowausertoreuseanoldpassword.
MaximumpasswordageSpecifiesthemaximumnumberofdaysapasswordmaybeusedbeforeitmustbechanged.
MinimumpasswordageSpecifiestheminimumnumberofdaysapasswordmustbeusedbeforeitcanbechangedagain.
MinimumpasswordlengthSpecifiestheminimumnumberof
charactersthatmustbeusedinapassword.
PasswordmustmeetcomplexityrequirementsSpecifiesthatthepasswordmustmeettheminimumlengthrequirementandhavecharactersfromatleastthreeofthefollowingfourgroups:Englishuppercasecharacters(AthroughZ),Englishlowercasecharacters(athroughz),numerals(0through9),andnon-alphabeticcharacters(suchas!,$,#,%).
StorepasswordsusingreversibleencryptionReversibleencryptionisaformofencryptionthatcaneasilybedecryptedandisessentiallythesameasstoringaplaintextversionofthepassword(becauseit’ssoeasytoreversetheencryptionandgetthepassword).Thisshouldbeusedonlywhenapplicationsuseprotocolsthatrequiretheuser’spasswordforauthentication(suchasChallenge-HandshakeAuthenticationProtocol,orCHAP).
Notonlyisitessentialtoensureeveryaccounthasastrongpassword,butalsoitisessentialtodisableordeleteunnecessaryaccounts.Ifyoursystemdoesnotneedtosupportguestoranonymousaccounts,thendisablethem.Whenuseroradministratoraccountsarenolongerneeded,removeordisablethem.Asabestpractice,alluseraccountsshouldbeauditedperiodicallytoensuretherearenounnecessary,outdated,orunneededaccountsonyoursystems.
Domainsarelogicalgroupsofcomputersthatshareacentraldirectorydatabase,knownastheActiveDirectorydatabaseforthemorerecentWindowsoperatingsystems.Thedatabasecontainsinformationabouttheuseraccountsandsecurityinformationforallresourcesidentifiedwithinthedomain.Eachuserwithinthedomainisassignedhisorherownuniqueaccount(thatis,adomainisnotasingleaccountsharedbymultipleusers),whichisthenassignedaccesstospecificresourceswithinthedomain.Inoperatingsystemsthatprovidedomaincapabilities,thepasswordpolicyissetintherootcontainerforthedomainandappliestoalluserswithinthatdomain.Settingapasswordpolicyforadomainissimilartosettingother
passwordpoliciesinthatthesamecriticalelementsneedtobeconsidered(passwordlength,complexity,life,andsoon).Ifachangetooneoftheseelementsisdesiredforagroupofusers,anewdomainneedstobecreatedbecausethedomainisconsideredasecurityboundary.InaWindowsoperatingsystemthatemploysActiveDirectory,thedomainpasswordpolicycanbesetintheActiveDirectoryUsersandComputersmenuintheAdministrativeToolssectionoftheControlPanel.
TechTip
CalculatingUniquePasswordCombinationsOneoftheprimaryreasonsadministratorsrequireuserstohavelongerpasswordsthatuseupper-andlowercaseletters,numbers,andatleastone“special”characteristohelpdeterpassword-guessingattacks.Onepopularpassword-guessingtechnique,calledabrute-forceattack,usessoftwaretoguesseverypossiblepassworduntilonematchesauser’spassword.Essentially,abruteforce-attacktriesa,thenaa,thenaaa,andsoonuntilitrunsoutofcombinationsorgetsapasswordmatch.Increasingboththepoolofpossiblecharactersthatcanbeusedinthepasswordandthenumberofcharactersrequiredinthepasswordcanexponentiallyincreasethenumberof“guesses”abrute-forceprogramneedstoperformbeforeitrunsoutofpossibilities.Forexample,ifourpasswordpolicyrequiresathree-characterpasswordthatusesonlylowercaseletters,thereareonly17,576possiblepasswords(26possiblecharacters,3characterslongis263combinations).Requiringasix-characterpasswordincreasesthatnumberto308,915,776possiblepasswords(266).Aneight-characterpasswordwithupper-andlowercase,specialsymbol,andanumberincreasesthepossiblepasswordsto708orover576trillioncombinationsPrecomputedhashesinrainbowtablescanalsobeusedtobruteforcepastshorter
passwords.Asthelengthincreases,sodoesthesizeoftherainbowtable.
SingleSign-OnTouseasystem,usersmustbeabletoaccessit,whichtheyusuallydobysupplyingtheiruserIDs(orusernames)andcorrespondingpasswords.Asanysecurityadministratorknows,themoresystemsaparticularuserhasaccessto,themorepasswordsthatusermusthaveandremember.The
naturaltendencyforusersistoselectpasswordsthatareeasytoremember,oreventhesamepasswordforuseonthemultiplesystemstheyaccess.Wouldn’titbeeasierfortheusersimplytologinonceandhavetorememberonlyasingle,goodpassword?Thisismadepossiblewithatechnologycalledsinglesign-on.Singlesign-on(SSO)isaformofauthenticationthatinvolvesthe
transferringofcredentialsbetweensystems.Asmoreandmoresystemsarecombinedindailyuse,usersareforcedtohavemultiplesetsofcredentials.Ausermayhavetologintothree,four,five,orevenmoresystemseverydayjusttodoherjob.Singlesign-onallowsausertotransferhercredentials,sothatloggingintoonesystemactstologherintoallofthem.OncetheuserhasenteredauserIDandpassword,thesinglesign-onsystempassesthesecredentialstransparentlytoothersystemssothatrepeatedlogonsarenotrequired.Putsimply,yousupplytherightusernameandpasswordonceandyouhaveaccesstoalltheapplicationsanddatayouneed,withouthavingtologinmultipletimesandremembermanydifferentpasswords.Fromauserstandpoint,SSOmeansyouneedtorememberonlyoneusernameandonepassword.Fromanadministrationstandpoint,SSOcanbeeasiertomanageandmaintain.Fromasecuritystandpoint,SSOcanbeevenmoresecure,asuserswhoneedtorememberonlyonepasswordarelesslikelytochoosesomethingtoosimpleorsomethingsocomplextheyneedtowriteitdown.Figure11.5showsalogicaldepictionoftheSSOprocess:
•Figure11.5Singlesign-onprocess
1.Theusersignsinonce,providingausernameandpasswordtotheSSOserver.
2.TheSSOserverprovidesauthenticationinformationtoanyresourcetheuseraccessesduringthatsession.Theserverinterfaceswiththeotherapplicationsandsystems—theuserdoesnotneedtologintoeachsystemindividually.
ExamTip:TheCompTIASecurity+examwillverylikelycontainquestionsregardingsinglesign-onbecauseitissuchaprevalenttopicandaverycommonapproachtomultisystemauthentication.
Inreality,SSOisusuallyalittlemoredifficulttoimplementthanvendorswouldleadyoutobelieve.Tobeeffectiveanduseful,allyourapplicationsneedtobeabletoaccessandusetheauthenticationprovidedbytheSSOprocess.Themorediverseyournetwork,thelesslikelythisistobethecase.Ifyournetwork,likemost,containsdifferentoperatingsystems,customapplications,andadiverseuserbase,SSOmaynotevenbeaviableoption.
TimeofDayRestrictionsSomeorganizationsneedtotightlycontrolcertainusers,groups,orevenrolesandlimitaccesstocertainresourcestospecificdaysandtimes.Mostserver-classoperatingsystemsenableadministratorstoimplementtimeofdayrestrictionsthatlimitwhenausercanlogin,whencertainresourcescanbeaccessed,andsoon.Timeofdayrestrictionsareusuallyspecifiedforindividualaccounts,asshowninFigure11.6.
•Figure11.6LogonhoursforGuestaccount
Fromasecurityperspective,timeofdayrestrictionscanbeveryuseful.Ifausernormallyaccessescertainresourcesduringnormalbusinesshours,anattempttoaccesstheseresourcesoutsidethistimeperiod(eitheratnightorontheweekend)mightindicateanattackerhasgainedaccesstooristryingtogainaccesstothataccount.Specifyingtimeofdayrestrictionscanalsoserveasamechanismtoenforceinternalcontrolsofcriticalorsensitiveresources.Obviously,adrawbacktoenforcingtimeofdayrestrictionsisthatitmeansthatausercan’tgotoworkoutsideofnormal
hoursto“catchup”withworktasks.Aswithallsecuritypolicies,usabilityandsecuritymustbebalancedinthispolicydecision.
Becarefulimplementingtimeofdayrestrictions.Someoperatingsystemsgiveyoutheoptionofdisconnectingusersassoonastheir“allowedlogintime”expiresregardlessofwhattheuserisdoingatthetime.Themorecommonlyusedapproachistoallowcurrentlylogged-inuserstostayconnectedbutrejectanyloginattemptsthatoccuroutsideofallowedhours.
TokensWhiletheusername/passwordcombinationhasbeenandcontinuestobethecheapestandmostpopularmethodofcontrollingaccesstoresources,manyorganizationslookforamoresecureandtamper-resistantformofauthentication.Usernamesandpasswordsare“somethingyouknow”(whichcanbeusedbyanyoneelsewhoknowsordiscoverstheinformation).Amoresecuremethodofauthenticationistocombinethe“somethingyouknow”with“somethingyouhave.”Atokenisanauthenticationfactorthattypicallytakestheformofaphysicalorlogicalentitythattheusermustbeinpossessionoftoaccesstheiraccountorcertainresources.Mosttokensarephysicaltokensthatdisplayaseriesofnumbersthat
changesevery30to90seconds,suchasthetokenpicturedinFigure11.7fromBlizzardEntertainment.Thissequenceofnumbersmustbeenteredwhentheuserisattemptingtologinoraccesscertainresources.Theever-changingsequenceofnumbersissynchronizedtoaremoteserversuchthatwhentheuserentersthecorrectusername,password,andmatchingsequenceofnumbers,heisallowedtologin.Evenifanattackerobtainstheusernameandpassword,theattackercannotloginwithoutthematchingsequenceofnumbers.OtherphysicaltokensincludeCommonAccessCards(CACs),USBtokens,smartcards,andPCcards.
•Figure11.7TokenauthenticatorfromBlizzardEntertainment
Tokensmayalsobeimplementedinsoftware.Softwaretokensstillprovidetwo-factorauthenticationbutdon’trequiretheusertohaveaphysicaldeviceonhand.Sometokensrequiresoftwareclientsthatstoreasymmetrickey(sometimescalledaseedrecord)inasecuredlocationontheuser’sdevice(laptop,desktop,tablet,andsoon).Othersoftwaretokensusepublickeycryptography.Asymmetriccryptographysolutions,suchaspublickeycryptography,oftenassociateaPINwithaspecificuser’stoken.Tologinoraccesscriticalresources,theusermustsupplythecorrectPIN.ThePINisstoredonaremoteserverandisusedduringtheauthenticationprocesssothatifauserpresentstherighttoken,butnottherightPIN,theuser’saccesscanbedenied.Thishelpspreventanattackerfromgainingaccessifhegetsacopyoforgainsaccesstothesoftwaretoken.
CrossCheckSymmetricandAsymmetricCryptographyYoulearnedaboutsymmetricandasymmetriccryptographyinChapter5.Whatisthedifference
betweenthetwomethods?Whichoneusespublickeys?
TechTip
BestPractice:PasswordExpirationOneofthebestpracticesanorganizationcanimplementistoattachanexpirationdatetouserpasswords.Thishelpsensurethatifapasswordiscompromised,theperiodthattheaccountremainscompromisedislimited.Inmostenvironmentsandoperatingsystems,thisisexpressedintermsofthenumberofdaysbeforethepasswordexpiresandisnolongervalid.Forexample,amaximumpasswordageof90daysmeansthataparticularpasswordwillexpire90daysafterthatpasswordwasinitiallysettoitscurrentvalue.
AccountandPasswordExpirationAnothercommonrestrictionthatcanbeenforcedinmanyaccesscontrolmechanismsiseither(orboth)anaccountexpirationorpasswordexpirationfeature.Thisallowsadministratorstospecifyaperiodoftimeforwhichapasswordoranaccountwillbeactive.Forpasswordexpiration,whentheexpirationdateisreached,theusergenerallyisaskedtocreateanewpassword.Thismeansthatifthepassword(andthustheaccount)hasbeencompromisedwhentheexpirationdateisreachedandanewpasswordisset,theattackerwillagain(hopefully)belockedoutofthesystem.Theattackercan’tchangethepasswordhimself,sincetheuserwouldthenbelockedoutandwouldcontactanadministratortohavethepasswordreset,thusagainlockingouttheattacker.Anotherattackoptionwouldinvolvetheattackersettinganew
passwordonthecompromisedaccountandthenattemptingtoresettheaccountbacktotheoriginal,compromisedpassword.Iftheattackerissuccessful,anewexpirationtimewouldbesetfortheaccountbuttheoldpasswordwouldstillbeusedandtheuserwouldnotbelockedoutoftheiraccount;inmostcases,theuserwouldn’tnoticeanythinghadhappenedatallastheiroldpasswordwouldcontinuetowork.Thisisonereasonwhya
passwordhistorymechanismshouldbeused.Thehistoryisusedtokeeptrackofpreviouslyusedpasswordssothattheycannotbereused.
TechTip
HeartbleedIn2014avulnerabilitythatcouldcauseusercredentialstobeexposedwasdiscoveredinmillionsofsystems.CalledtheHeartbleedincident,thisresultedinnumeroususersbeingtoldtochangetheirpasswordsbecauseofpotentialcompromise.Userswerealsowarnedofthedangersofreusingpasswordsacrossdifferentaccounts.Althoughthismakespasswordseasiertoremember,italsoimprovesguessingchances.Whatmadethiswholeeffortofprotectingyourpasswordsparticularlychallengingisthatthebreachwaswidespread—virtuallyallLinuxsystems—andthepatchingratewasuneven,sopeoplecouldbesufferingmultipleexposuresovertime.Afteroneyear,anestimated40%ofallcompromisedsystemsremainedunpatched.Thishighlightstheimportanceofnotreusingpasswordsacrossmultipleaccounts.
SecurityControlsandPermissionsIfmultipleusersshareacomputersystem,thesystemadministratorlikelyneedstocontrolwhoisallowedtodowhatwhenitcomestoviewing,using,orchangingsystemresources.Whileoperatingsystemsvaryinhowtheyimplementthesetypesofcontrols,mostoperatingsystemsusetheconceptsofpermissionsandrightstocontrolandsafeguardaccesstoresources.Aswediscussedearlier,permissionscontrolwhatauserisallowedtodowithobjectsonasystemandrightsdefinetheactionsausercanperformonthesystemitself.Let’sexaminehowtheWindowsoperatingsystemsimplementthisconcept.TheWindowsoperatingsystemsusetheconceptsofpermissionsand
rightstocontrolaccesstofiles,folders,andinformationresources.WhenusingtheNTFSfilesystem,administratorscangrantusersandgroupspermissiontoperformcertaintasksastheyrelatetofiles,folders,andRegistrykeys.ThebasiccategoriesofNTFSpermissionsareasfollows:
ExamTip:Permissionscanbeappliedtospecificusersorgroupstocontrolthatuser’sorgroup’sabilitytoview,modify,access,use,ordeleteresourcessuchasfoldersandfiles.
FullControlAuser/groupcanchangepermissionsonthefolder/file,takeownershipifsomeoneelseownsthefolder/file,deletesubfoldersandfiles,andperformactionspermittedbyallotherNTFSfolderpermissions.
ModifyUsers/groupscanviewandmodifyfiles/foldersandtheirproperties,candeleteandaddfiles/folders,andcandeleteoraddpropertiestoafile/folder.
Read&ExecuteUsers/groupscanviewthefile/folderandcanexecutescriptsandexecutablesbutcannotmakeanychanges(files/foldersareread-only).
ListFolderContentsAuser/groupcanlistonlywhatisinsidethefolder(appliestofoldersonly).
ReadUsers/groupscanviewthecontentsofthefile/folderandthefile/folderproperties.
WriteUsers/groupscanwritetothefileorfolder.
Figure11.8showsthepermissionsonafoldercalledDatafromaWindowsServersystem.InthetophalfofthePermissionswindowaretheusersandgroupsthathavepermissionsforthisfolder.Inthebottomhalfofthewindowarethepermissionsassignedtothehighlighteduserorgroup.
•Figure11.8PermissionsfortheDatafolder
TheWindowsoperatingsystemalsousesuserrightsorprivilegestodeterminewhatactionsauserorgroupisallowedtoperformoraccess.Theseuserrightsaretypicallyassignedtogroups,asitiseasiertodealwithafewgroupsthantoassignrightstoindividualusers,andtheyareusuallydefinedineitheragrouporalocalsecuritypolicy.Thelistofuserrightsisquiteextensivebutafewexamplesofuserrightsare
LogonlocallyUsers/groupscanattempttologontothelocalsystemitself.
AccessthiscomputerfromthenetworkUsers/groupscanattempttoaccessthissystemthroughthenetworkconnection.
ManageauditingandsecuritylogUsers/groupscanview,modify,anddeleteauditingandsecurityloginformation.
Rightstendtobeactionsthatdealwithaccessingthesystemitself,processcontrol,logging,andsoon.Figure11.9showstheuserrightscontainedinthelocalsecuritypolicyonaWindowssystem.
•Figure11.9UserRightsAssignmentoptionsfromWindowsLocalSecurityPolicy
Foldersandfilesarenottheonlythingsthatcanbesafeguardedorcontrolledusingpermissions.Evenaccessanduseofperipherals,suchasprinters,canbecontrolledusingpermissions.Figure11.10showstheSecuritytabfromaprinterattachedtoaWindowssystem.Permissionscanbeassignedtocontrolwhocanprinttotheprinter,whocanmanagedocumentsandprintjobssenttotheprinter,andwhocanmanagetheprinteritself.Withthistypeofgranularcontrol,administratorshaveagreatdealofcontroloverhowsystemresourcesareusedandwhousesthem.
•Figure11.10SecuritytabshowingprinterpermissionsinWindows
ExamTip:Althoughitisveryimportanttogetsecuritysettings“rightthefirsttime,”itisjustasimportanttoperformroutineauditsofsecuritysettingssuchasuseraccounts,groupmemberships,filepermissions,andsoon.
Averyimportantconcepttoconsiderwhenassigningrightsandprivilegestousersistheconceptofleastprivilege.Leastprivilegerequiresthatusersbegiventheabsoluteminimumnumberofrightsandprivilegesrequiredtoperformtheirauthorizedduties.Forexample,ifauserdoesnotneedtheabilitytoinstallsoftwareontheirowndesktoptoperformtheirjob,thendon’tgivethemthatability.Thisreducesthelikelihoodtheuserwillloadmalware,insecuresoftware,orunauthorizedapplicationsontotheirsystem.
AccessControlListsThetermaccesscontrollist(ACL)isusedinmorethanonemannerinthefieldofcomputersecurity.Whendiscussingroutersandfirewalls,anACLisasetofrulesusedtocontroltrafficflowintooroutofaninterfaceornetwork.Whendiscussingsystemresources,suchasfilesandfolders,anACLlistspermissionsattachedtoanobject—whoisallowedtoview,modify,move,ordeletethatobject.Toillustratethisconcept,consideranexample.Figure11.11showsthe
accesscontrollist(permissions)fortheDatafolder.TheuseridentifiedasBillyWilliamshasRead&Execute,ListFolderContents,andReadpermissions,meaningthisusercanopenthefolder,seewhat’sinthefolder,andsoon.Figure11.12showsthepermissionsforauseridentifiedasLeahJones,whohasonlyReadpermissionsonthesamefolder.
•Figure11.11PermissionsforBillyWilliamsontheDatafolder
•Figure11.12PermissionsforLeahJonesontheDatafolder
Incomputersystemsandnetworks,thereareseveralwaysthataccesscontrolscanbeimplemented.Anaccesscontrolmatrixprovidesthesimplestframeworkforillustratingtheprocess.AnexampleofanaccesscontrolmatrixisprovidedinTable11.1.Inthismatrix,thesystemiskeepingtrackoftwoprocesses,twofiles,andonehardwaredevice.Process1canreadbothFile1andFile2butcanwriteonlytoFile1.Process1cannotaccessProcess2,butProcess2canexecuteProcess1.Bothprocesseshavetheabilitytowritetotheprinter.
Table11.1 AnAccessControlMatrix
Whilesimpletounderstand,theaccesscontrolmatrixisseldomusedincomputersystemsbecauseitisextremelycostlyintermsofstoragespaceandprocessing.Imaginethesizeofanaccesscontrolmatrixforalargenetworkwithhundredsofusersandthousandsoffiles.
MandatoryAccessControl(MAC)Mandatoryaccesscontrol(MAC)istheprocessofcontrollingaccesstoinformationbasedonthesensitivityofthatinformationandwhetherornottheuserisoperatingattheappropriatesensitivitylevelandhastheauthoritytoaccessthatinformation.UnderaMACsystem,eachpieceofinformationandeverysystemresource(files,devices,networks,andsoon)islabeledwithitssensitivitylevel(suchasPublic,Engineering
Private,JonesSecret).Usersareassignedaclearancelevelthatsetstheupperboundaryoftheinformationanddevicesthattheyareallowedtoaccess.
ExamTip:Mandatoryaccesscontrolrestrictsaccessbasedonthesensitivityoftheinformationandwhetherornottheuserhastheauthoritytoaccessthatinformation.
TheaccesscontrolandsensitivitylabelsarerequiredinaMACsystem.Labelsaredefinedandthenassignedtousersandresources.Usersmustthenoperatewithintheirassignedsensitivityandclearancelevels—theydon’thavetheoptiontomodifytheirownsensitivitylevelsorthelevelsoftheinformationresourcestheycreate.Duetothecomplexityinvolved,MACistypicallyrunonlyonsystemswheresecurityisatopprioritysuchasTrustedSolaris,OpenBSD,andSELinux.
TechTip
MACObjectiveMandatoryaccesscontrolsareoftenmentionedindiscussionsofmultilevelsecurity.Formultilevelsecuritytobeimplemented,amechanismmustbepresenttoidentifytheclassificationofallusersandfiles.AfileidentifiedasTopSecret(hasalabelindicatingthatitisTopSecret)maybeviewedonlybyindividualswithaTopSecretclearance.Forthiscontrolmechanismtoworkreliably,allfilesmustbemarkedwithappropriatecontrolsandalluseraccessmustbechecked.ThisistheprimarygoalofMAC.
Figure11.13illustratesMACinoperation.Theinformationresourceonthelefthasbeenlabeled“EngineeringSecret,”meaningonlyusersintheEngineeringgroupoperatingattheSecretsensitivitylevelorabovecanaccessthatresource.ThetopuserisoperatingattheSecretlevelbutisnotamemberofEngineeringandisdeniedaccesstotheresource.ThemiddleuserisamemberofEngineeringbutisoperatingataPublicsensitivity
levelandisthereforedeniedaccesstotheresource.ThebottomuserisamemberofEngineering,isoperatingataSecretsensitivitylevel,andisallowedtoaccesstheinformationresource.
•Figure11.13Logicalrepresentationofmandatoryaccesscontrol
DiscretionaryAccessControl(DAC)Discretionaryaccesscontrol(DAC)istheprocessofusingfilepermissionsandoptionalACLstorestrictaccesstoinformationbasedonauser’sidentityorgroupmembership.DACisthemostcommonaccesscontrolsystemandiscommonlyusedinbothUNIXandWindowsoperatingsystems.The“discretionary”partofDACmeansthatafileor
resourceownerhastheabilitytochangethepermissionsonthatfileorresource.
TechTip
MultilevelSecurityIntheU.S.government,thefollowingsecuritylabelsareusedtoclassifyinformationandinformationresourcesforMACsystems:
TopSecretThehighestsecuritylevelandisdefinedasinformationthatwouldcause“exceptionallygravedamage”tonationalsecurityifdisclosed.
SecretThesecondhighestlevelandisdefinedasinformationthatwouldcause“seriousdamage”tonationalsecurityifdisclosed.
ConfidentialThelowestlevelofclassifiedinformationandisdefinedasinformationthatwould“damage”nationalsecurityifdisclosed.
ForOfficialUseOnlyInformationthatisunclassifiedbutnotreleasabletopublicorunauthorizedparties.SometimescalledSensitiveButUnclassified(SBU)
UnclassifiedNotanofficialclassificationlevel.
Thelabelsworkinatop-downfashionsothatanindividualholdingaSecretclearancewouldhaveaccesstoinformationattheSecret,Confidential,andUnclassifiedlevels.AnindividualwithaSecretclearancewouldnothaveaccesstoTopSecretresources,asthatlabelisabovethehighestleveloftheindividual’sclearance.
UnderUNIXoperatingsystems,filepermissionsconsistofthreedistinctparts:
Ownerpermissions(read,write,andexecute)Theownerofthefile
Grouppermissions(read,write,andexecute)Thegrouptowhichtheownerofthefilebelongs
Worldpermissions(read,write,andexecute)Anyoneelsewhoisnottheowneranddoesnotbelongtothegrouptowhichtheownerofthefilebelongs
ExamTip:Discretionaryaccesscontrolrestrictsaccessbasedontheuser’sidentityorgroupmembership.
Forexample,supposeafilecalledsecretdatahasbeencreatedbytheownerofthefile,Luke,whoispartoftheEngineeringgroup.TheownerpermissionsonthefilewouldreflectLuke’saccesstothefile(astheowner).ThegrouppermissionswouldreflecttheaccessgrantedtoanyonewhoispartoftheEngineeringgroup.TheworldpermissionswouldrepresenttheaccessgrantedtoanyonewhoisnotLukeandisnotpartoftheEngineeringgroup.InUNIX,afile’spermissionsareusuallydisplayedasaseriesofnine
characters,withthefirstthreecharactersrepresentingtheowner’spermissions,thesecondthreecharactersrepresentingthegrouppermissions,andthelastthreecharactersrepresentingthepermissionsforeveryoneelse,orfortheworld.ThisconceptisillustratedinFigure11.14.
•Figure11.14DiscretionaryfilepermissionsintheUNIXenvironment
SupposethefilesecretdataisownedbyLukewithgrouppermissions
forEngineering(becauseLukeispartoftheEngineeringgroup),andthepermissionsonthatfilearerwx,rw-,and---,asshowninFigure11.14.Thiswouldmeanthat:
Lukecanread,write,andexecutethefile(rwx).
MembersoftheEngineeringgroupcanreadandwritethefilebutnotexecuteit(rw-).
Theworldhasnoaccesstothefileandcan’tread,write,orexecuteit(---).
RememberthatundertheDACmodel,thefile’sowner,Luke,canchangethefile’spermissionsanytimehewants.
Role-BasedAccessControl(RBAC)Accesscontrollistscanbecumbersomeandcantaketimetoadministerproperly.Role-basedaccesscontrol(RBAC)istheprocessofmanagingaccessandprivilegesbasedontheuser’sassignedroles.RBACistheaccesscontrolmodelthatmostcloselyresemblesanorganization’sstructure.Inthisscheme,insteadofeachuserbeingassignedspecificaccesspermissionsfortheobjectsassociatedwiththecomputersystemornetwork,thatuserisassignedasetofrolesthattheusermayperform.Therolesareinturnassignedtheaccesspermissionsnecessarytoperformthetasksassociatedwiththerole.Userswillthusbegrantedpermissionstoobjectsintermsofthespecificdutiestheymustperform—notjustbecauseofasecurityclassificationassociatedwithindividualobjects.
Asdefinedbythe“OrangeBook,”aDepartmentofDefensedocument(inthe“rainbowseries”)thatatonetimewasthestandardfordescribingwhatconstitutedatrustedcomputingsystem,adiscretionaryaccesscontrol(DAC)is“ameansofrestrictingaccesstoobjectsbasedontheidentityofsubjectsand/orgroupstowhichtheybelong.Thecontrolsarediscretionaryinthesensethatasubjectwithacertainaccesspermissioniscapableofpassingthatpermission
(perhapsindirectly)ontoanyothersubject(unlessrestrainedbymandatoryaccesscontrol).”
UnderRBAC,youmustfirstdeterminetheactivitiesthatmustbeperformedandtheresourcesthatmustbeaccessedbyspecificroles.Forexample,theroleof“securityadmin”inMicrosoftSQLServermustbeabletocreateandmanagelogins,readerrorlogs,andaudittheapplication.Oncealltherolesarecreatedandtherightsandprivilegesassociatedwiththoserolesaredetermined,userscanthenbeassignedoneormorerolesbasedontheirjobfunctions.Whenaroleisassignedtoaspecificuser,theusergetsalltherightsandprivilegesassignedtothatrole.
ExamTip:Role-basedandrule-basedaccesscontrolcanbothbeabbreviatedasRBAC.StandardconventionisforRBACtobeusedtodenoterole-basedaccesscontrol.Aseldom-seenacronymforrule-basedaccesscontrolisRB-RBAC.Role-basedfocusesontheuser’srole(administrator,backupoperator,andsoon).Rule-basedfocusesonpredefinedcriteriasuchastimeofday(userscanonlyloginbetween8A.M.and6P.M.)ortypeofnetworktraffic(webtrafficisallowedtoleavetheorganization).
Unfortunately,inreality,administratorsoftenfindthemselvesinapositionofworkinginanorganizationwheremorethanoneuserhasmultiplerolesorevenaccesstomultipleaccounts(asituationquitecommoninsmallerorganizations).Userswithmultipleaccountstendtoselectthesameorsimilarpasswordsforthoseaccounts,therebyincreasingthechanceonecompromisedaccountcanleadtothecompromiseofotheraccountsaccessedbythatuser.Wherepossible,administratorsshouldfirsteliminatesharedoradditionalaccountsforusersandthenexaminethepossibilityofcombiningrolesorprivilegestoreducethe“accountfootprint”ofindividualusers.
Rule-BasedAccessControlRule-basedaccesscontrolisyetanothermethodofmanagingaccessand
privileges(andunfortunatelysharesthesameacronymasrole-basedaccesscontrol).Inthismethod,accessiseitherallowedordeniedbasedonasetofpredefinedrules.EachobjecthasanassociatedACL(muchlikeDAC),andwhenaparticularuserorgroupattemptstoaccesstheobject,theappropriateruleisapplied.
ExamTip:TheCompTIASecurity+examwillverylikelyexpectyoutobeabletodifferentiatebetweenthefourmajorformsofaccesscontroldiscussedhere:mandatoryaccesscontrol,discretionaryaccesscontrol,role-basedaccesscontrol,andrule-basedaccesscontrol.
Agoodexampleforrule-basedaccesscontrolispermittedlogonhours.Manyoperatingsystemsgiveadministratorstheabilitytocontrolthehoursduringwhichuserscanlogin.Forexample,abankmayallowitsemployeestologinonlybetweenthehoursof8A.M.and6P.M.MondaythroughSaturday.Ifauserattemptstologinoutsideofthesehours,3A.M.onSundayforexample,thentherulewillrejecttheloginattemptwhetherornottheusersuppliesvalidlogincredentials.
Attribute-BasedAccessControl(ABAC)Attribute-basedaccesscontrol(ABAC)isanewaccesscontrolschemabasedontheuseofattributesassociatedwithanidentity.Thesecanuseanytypeofattributes(userattributes,resourceattributes,environmentattributes,andsoon),suchaslocation,time,activitybeingrequested,andusercredentials.Anexamplewouldbeadoctorgettingonesetofaccessforaspecificpatientversusadifferentpatient.ABACcanberepresentedviatheeXtensibleAccessControlMarkupLanguage(XACML),astandardthatimplementsattribute-andpolicy-basedaccesscontrolschemes.
AccountExpiration
Inadditiontoalltheothermethodsofcontrollingandrestrictingaccess,mostmodernoperatingsystemsallowadministratorstospecifythelengthoftimeanaccountisvalidandwhenit“expires”orisdisabled.Thisisagreatmethodforcontrollingtemporaryaccounts,oraccountsforcontractorsorcontractemployees.Fortheseaccounts,theadministratorcanspecifyanexpirationdate;whenthedateisreached,theaccountautomaticallybecomeslockedoutandcannotbeloggedintowithoutadministratorintervention.Arelatedactioncanbetakenwithaccountsthatneverexpire:theycanautomaticallybemarked“inactive”andlockedoutiftheyhavebeenunusedforaspecifiednumberofdays.Accountexpirationissimilartopasswordexpiration,inthatitlimitsthetimewindowofpotentialcompromise.Whenanaccounthasexpired,itcannotbeusedunlesstheexpirationdeadlineisextended.
TechTip
DisablingAccountsWhenanadministratorneedstoendauser’saccess,forinstanceupontermination,thereareseveraloptions.Thebestoptionistodisabletheaccountbutleaveitinthesystem.ThispreservesaccountpermissionchainsandpreventsreuseofauserID,leadingtopotentialconfusionlaterwhenexamininglogs.
Similarly,organizationsmustdefinewhetheraccountsaredeletedordisabledwhennolongerneeded.Deletinganaccountremovestheaccountfromthesystempermanently,whereasdisablinganaccountleavesitinplacebutmarksitasunusable.Manyorganizationsdisableaccountsforaperiodoftimeafteranemployeedeparts(30ormoredays)priortodeletingtheaccount.Thispreventsanyonefromusingtheaccountandallowsadministratorstoreassignfiles,forwardmail,and“cleanup”beforetakinganypermanentactionsontheaccount.
PreventingDataLossorTheft
Identitytheftandcommercialespionagehavebecomeverylargeandlucrativecriminalenterprisesoverthepastdecade.Hackersarenolongermerelycontenttocompromisesystemsanddefacewebsites.Inmanyattacksperformedtoday,hackersareafterintellectualproperty,businessplans,competitiveintelligence,personalinformation,creditcardnumbers,clientrecords,oranyotherinformationthatcanbesold,traded,ormanipulatedforprofit.Thishascreatedawholeindustryoftechnicalsolutionslabeleddatalossprevention(DLP)solutions.Itcanbeassumedthatahackerhasassumedtheidentityofan
authorizeduser,andDLPsolutionsexisttopreventtheexfiltrationofdataregardlessofaccesscontrolrestrictions.DLPsolutionscomeinmanyforms,andeachofthesesolutionshasstrengthsandweaknesses.Thebestsolutionisacombinationofsecurityelements,sometosecuredatainstorage(encryption)andsomeintheformofmonitoring(proxydevicestomonitordataegressforsensitivedata),andevenNetFlowanalyticstoidentifynewbulkdatatransferroutes.
TheRemoteAccessProcessTheprocessofconnectingbyremoteaccessinvolvestwoelements:atemporarynetworkconnectionandaseriesofprotocolstonegotiateprivilegesandcommands.Thetemporarynetworkconnectioncanoccurviaadial-upservice,theInternet,wirelessaccess,oranyothermethodofconnectingtoanetwork.Oncetheconnectionismade,theprimaryissueisauthenticatingtheidentityoftheuserandestablishingproperprivilegesforthatuser.Thisisaccomplishedusingacombinationofprotocolsandtheoperatingsystemonthehostmachine.Thethreestepsintheestablishmentofproperprivilegesare
authentication,authorization,andaccounting,commonlyreferredtosimplyasAAA.Authenticationisthematchingofuser-suppliedcredentialstopreviouslystoredcredentialsonahostmachine,anditusuallyinvolvesanaccountusernameandpassword.Oncetheuserisauthenticated,theauthorizationsteptakesplace.Authorizationisthe
grantingofspecificpermissionsbasedontheprivilegesheldbytheaccount.Doestheuserhavepermissiontousethenetworkatthistime,orisheruserestricted?Doestheuserhaveaccesstospecificapplications,suchasmailandFTP,oraresomeoftheserestricted?Thesechecksarecarriedoutaspartofauthorization,andinmanycasesthisisafunctionoftheoperatingsysteminconjunctionwithitsestablishedsecuritypolicies.Accountingisthecollectionofbillingandotherdetailrecords.Networkaccessisoftenabillablefunction,andalogofhowmuchtime,bandwidth,filetransferspace,orotherresourceswereusedneedstobemaintained.Otheraccountingfunctionsincludekeepingdetailedsecuritylogstomaintainanaudittrailoftasksbeingperformed.
TechTip
SecuringRemoteConnectionsByusingencryption,remoteaccessprotocolscansecurelyauthenticateandauthorizeauseraccordingtopreviouslyestablishedprivilegelevels.Theauthorizationphasecankeepunauthorizedusersout,butafterthat,encryptionofthecommunicationschannelbecomesveryimportantinpreventingnonauthorizedusersfrombreakinginonanauthorizedsessionandhijackinganauthorizeduser’scredentials.AsmoreandmorenetworksrelyontheInternetforconnectingremoteusers,theneedforandimportanceofsecureremoteaccessprotocolsandsecurecommunicationchannelswillcontinuetogrow.
WhenauserconnectstotheInternetthroughanISP,thisissimilarlyacaseofremoteaccess—theuserisestablishingaconnectiontoherISP’snetwork,andthesamesecurityissuesapply.Theissueofauthentication,thematchingofuser-suppliedcredentialstopreviouslystoredcredentialsonahostmachine,isusuallydoneviaauseraccountnameandpassword.Oncetheuserisauthenticated,theauthorizationsteptakesplace.Remoteauthenticationusuallytakesthecommonformofanendusersubmittinghiscredentialsviaanestablishedprotocoltoaremoteaccessserver(RAS),whichactsuponthosecredentials,eithergrantingordenyingaccess.
Accesscontrolsdefinewhatactionsausercanperformorwhatobjectsauserisallowedtoaccess.Accesscontrolsarebuiltuponthefoundationofelementsdesignedtofacilitatethematchingofausertoaprocess.Theseelementsareidentification,authentication,andauthorization.Thereareamyriadofdetailsandchoicesassociatedwithsettingupremoteaccesstoanetwork,andtoprovideforthemanagementoftheseoptions,itisimportantforanorganizationtohaveaseriesofremoteaccesspoliciesandproceduresspellingoutthedetailsofwhatispermittedandwhatisnotforagivennetwork.
IdentificationIdentificationistheprocessofascribingacomputerIDtoaspecificuser,computer,networkdevice,orcomputerprocess.Theidentificationprocessistypicallyperformedonlyonce,whenauserIDisissuedtoaparticularuser.Useridentificationenablesauthenticationandauthorizationtoformthebasisforaccountability.Foraccountabilitypurposes,userIDsshouldnotbeshared,andforsecuritypurposes,theyshouldnotbedescriptiveofjobfunction.Thispracticeenablesyoutotraceactivitiestoindividualusersorcomputerprocessessothattheycanbeheldresponsiblefortheiractions.IdentificationlinksthelogonIDoruserIDtocredentialsthathavebeensubmittedpreviouslytoeitherHRortheITstaff.ArequiredcharacteristicofuserIDsisthattheymustbeuniquesothattheymapbacktothecredentialspresentedwhentheaccountwasestablished.
TechTip
FederationFederatedidentitymanagementisanagreementbetweenmultipleenterprisesthatletspartiesusethesameidentificationdatatoobtainaccesstothenetworksofallenterprisesinthegroup.Thisfederationenablesaccesstobemanagedacrossmultiplesystemsincommontrustlevels.
AuthenticationAuthenticationistheprocessofbindingaspecificIDtoaspecificcomputerconnection.Twoitemsneedtobepresentedtocausethisbindingtooccur—theuserID,andsome“secret”toprovethattheuseristhevalidpossessorofthecredentials.Historically,threecategoriesofsecretsareusedtoauthenticatetheidentityofauser:whatusersknow,whatusershave,andwhatusersare.Todayanadditionalcategoryisused:whatusersdo.Thesemethodscanbeusedindividuallyorincombination.These
controlsassumethattheidentificationprocesshasbeencompletedandtheidentityoftheuserhasbeenverified.Itisthejobofauthenticationmechanismstoensurethatonlyvalidusersareadmitted.Describedanotherway,authenticationisusingsomemechanismtoprovethatyouarewhoyouclaimedtobewhentheidentificationprocesswascompleted.Themostcommonmethodofauthenticationistheuseofapassword.
Forgreatersecurity,youcanaddanelementfromaseparategroup,suchasasmartcardtoken—somethingauserhasinherpossession.Passwordsarecommonbecausetheyareoneofthesimplestformsanduseusermemoryasaprimecomponent.Becauseoftheirsimplicity,passwordshavebecomeubiquitousacrossawiderangeofauthenticationsystems.Anothermethodtoprovideauthenticationinvolvestheuseofsomething
thatonlyvalidusersshouldhaveintheirpossession.Aphysical-worldexampleofthiswouldbeasimplelockandkey.Onlythoseindividualswiththecorrectkeywillbeabletoopenthelockandthusgainadmittancetoahouse,car,office,orwhateverthelockwasprotecting.Asimilarmethodcanbeusedtoauthenticateusersforacomputersystemornetwork(thoughthekeymaybeelectronicandcouldresideonasmartcardorsimilardevice).Theproblemwiththistechnology,however,isthatpeopledolosetheirkeys(orcards),whichmeansnotonlythattheusercan’tlogintothesystembutthatsomebodyelsewhofindsthekeymaythenbeabletoaccessthesystem,eventhoughtheyarenotauthorized.Toaddressthisproblem,acombinationofthesomething-you-knowandsomething-you-
havemethodsisoftenusedsothattheindividualwiththekeyisalsorequiredtoprovideapasswordorpasscode.Thekeyisuselessunlesstheuserknowsthiscode.
TechTip
CategoriesofSharedSecretsforAuthenticationOriginallypublishedbytheU.S.governmentinoneofthe“rainbowseries”ofmanualsoncomputersecurity,thecategoriesofshared“secrets”are
Whatusersknow(suchasapassword)Whatusershave(suchastokens)
Whatusersare(staticbiometricssuchasfingerprintsoririspattern)Today,becauseoftechnologicaladvances,anewcategoryhasemerged,patternedaftersubconsciousbehavior:
Whatusersdo(dynamicbiometricssuchastypingpatternsorgait)
Thethirdgeneralmethodtoprovideauthenticationinvolvessomethingthatisuniqueaboutyou.Weareaccustomedtothisconceptinourphysicalworld,whereourfingerprintsorasampleofourDNAcanbeusedtoidentifyus.Thissameconceptcanbeusedtoprovideauthenticationinthecomputerworld.Thefieldofauthenticationthatusessomethingaboutyouorsomethingthatyouareisknownasbiometrics.Anumberofdifferentmechanismscanbeusedtoaccomplishthistypeofauthentication,suchasafingerprint,iris,retinal,orhandgeometryscan.Allofthesemethodsobviouslyrequiresomeadditionalhardwareinordertooperate.Theinclusionoffingerprintreadersonlaptopcomputersisbecomingcommonastheadditionalhardwareisbecomingcosteffective.Anewmethod,basedonhowusersperformanaction,suchastheirgait
whenwalking,ortypingpatternshasemergedasasourceofapersonal“signature”.Whilenotdirectlyembeddedintosystemsasyet,thisisanoptionthatwillbecominginthefuture.
Whilethethreemainapproachestoauthenticationappeartobeeasytounderstandandinmostcaseseasytoimplement,authenticationisnottobetakenlightly,sinceitissuchanimportantcomponentofsecurity.Potentialattackersareconstantlysearchingforwaystogetpastthesystem’sauthenticationmechanism,andtheyhaveemployedsomefairlyingeniousmethodstodoso.Consequently,securityprofessionalsareconstantlydevisingnewmethods,buildingonthesethreebasicapproaches,toprovideauthenticationmechanismsforcomputersystemsandnetworks.
BasicAuthenticationBasicauthenticationisthesimplesttechniqueusedtomanageaccesscontrolacrossHTTP.BasicauthenticationoperatesbypassinginformationencodedinBase64formusingstandardHTTPheaders.Thisisaplaintextmethodwithoutanypretenseofsecurity.Figure11.15illustratestheoperationofbasicauthentication.
•Figure11.15Howbasicauthenticationoperates
DigestAuthenticationDigestauthenticationisamethodusedtonegotiatecredentialsacrosstheWeb.Digestauthenticationuseshashfunctionsandanoncetoimprovesecurityoverbasicauthentication.Digestauthenticationworksasfollows,asillustratedinFigure11.16:
•Figure11.16Howdigestauthenticationoperates
1.Theclientrequestslogin.2.Theserverrespondswithachallengeandprovidesanonce.3.Theclienthashesthepasswordandnonce.4.Theclientreturnsthehashedpasswordtotheserver.
5.Theserverrequeststhepasswordfromapasswordstore.6.Theserverhashesthepasswordandnonce.7.Ifbothhashesmatch,loginisgranted.Digestauthentication,althoughitimprovessecurityoverbasic
authentication,doesnotprovideanysignificantlevelofsecurity.Passwordsarenotsentintheclear.Digestauthenticationissubjecttoman-in-the-middleattacksandpotentiallyreplayattacks.
ExamTip:Thebottomlineforbothbasicanddigestauthenticationisthattheseareinsecuremethodsandshouldnotberelieduponforanylevelofsecurity.
KerberosDevelopedaspartofMIT’sprojectAthena,Kerberosisanetworkauthenticationprotocoldesignedforaclient/serverenvironment.ThecurrentversionisKerberos5release1.13.2andissupportedbyallmajoroperatingsystems.KerberossecurelypassesasymmetrickeyoveraninsecurenetworkusingtheNeedham-Schroedersymmetrickeyprotocol.Kerberosisbuiltaroundtheideaofatrustedthirdparty,termedakeydistributioncenter(KDC),whichconsistsoftwologicallyseparateparts:anauthenticationserver(AS)andaticket-grantingserver(TGS).Kerberoscommunicatesvia“tickets”thatservetoprovetheidentityofusers.
ExamTip:TwoticketsareusedinKerberos.Thefirstisaticket-grantingticket(TGT)obtainedfromtheauthenticationserver(AS).TheTGTispresentedtoaticket-grantingserver(TGS)whenaccesstoaserverisrequestedandaclient-to-serverticketisissued,grantingaccesstotheserver.TypicallyboththeASandtheTGSarelogicallyseparatepartsofthekeydistributioncenter
(KDC).
Takingitsnamefromthethree-headeddogofGreekmythology,KerberosisdesignedtoworkacrosstheInternet,aninherentlyinsecureenvironment.Kerberosusesstrongencryptionsothataclientcanproveitsidentitytoaserverandtheservercaninturnauthenticateitselftotheclient.AcompleteKerberosenvironmentisreferredtoasaKerberosrealm.TheKerberosservercontainsuserIDsandhashedpasswordsforallusersthatwillhaveauthorizationstorealmservices.TheKerberosserveralsohassharedsecretkeyswitheveryservertowhichitwillgrantaccesstickets.ThebasisforauthenticationinaKerberosenvironmentistheticket.
Ticketsareusedinatwo-stepprocesswiththeclient.Thefirstticketisaticket-grantingticket(TGT)issuedbytheAStoarequestingclient.TheclientcanthenpresentthistickettotheKerberosserverwitharequestforatickettoaccessaspecificserver.Thisclient-to-serverticket(alsocalledaserviceticket)isusedtogainaccesstoaserver’sserviceintherealm.Sincetheentiresessioncanbeencrypted,thiseliminatestheinherentlyinsecuretransmissionofitemssuchasapasswordthatcanbeinterceptedonthenetwork.Ticketsaretime-stampedandhavealifetime,soattemptingtoreuseaticketwillnotbesuccessful.Figure11.17detailsKerberosoperations.
•Figure11.17Kerberosoperations
TechTip
KerberosAuthenticationKerberosisathird-partyauthenticationservicethatusesaseriesofticketsastokensforauthenticatingusers.Thesixstepsinvolvedareprotectedusingstrongcryptography:
Theuserpresentshiscredentialsandrequestsaticketfromthekeydistributioncenter(KDC).
TheKDCverifiescredentialsandissuesaticket-grantingticket(TGT).
TheuserpresentsaTGTandrequestforservicetotheKDC.TheKDCverifiesauthorizationandissuesaclient-to-serverticket(orserviceticket).
Theuserpresentsarequestandaclient-to-servertickettothedesiredservice.Iftheclient-to-serverticketisvalid,serviceisgrantedtotheclient.
ToillustratehowtheKerberosauthenticationserviceworks,thinkaboutthecommondriver’slicense.Youhavereceivedalicensethatyoucanpresenttootherentitiestoproveyouarewhoyouclaimtobe.Becauseotherentitiestrustthestateinwhichthelicensewasissued,theywillacceptyourlicenseasproofofyouridentity.ThestateinwhichthelicensewasissuedisanalogoustotheKerberosauthenticationservicerealm,andthelicenseactsasaclient-to-serverticket.Itisthetrustedentitybothsidesrelyontoprovidevalididentifications.Thisanalogyisnotperfect,becauseweallprobablyhaveheardofindividualswhoobtainedaphonydriver’slicense,butitservestoillustratethebasicideabehindKerberos.
CertificatesCertificatesareamethodofestablishingauthenticityofspecificobjectssuchasanindividual’spublickeyordownloadedsoftware.Adigitalcertificateisadigitalfilethatissentasanattachmenttoamessageandis
usedtoverifythatthemessagedidindeedcomefromtheentityitclaimstohavecomefrom.DigitalcertificatesarecoveredindetailinChapter6.
CrossCheckDigitalCertificatesandDigitalSignaturesKerberosusesticketstoconveymessages.Partoftheticketisacertificatethatcontainstherequisitekeys.UnderstandinghowcertificatesconveythisvitalinformationisanimportantpartofunderstandinghowKerberos-basedauthenticationworks.CertificatesandhowtheyareusedwascoveredinChapter6,withtheprotocolsassociatedwithPKIcoveredinChapter7.Referbacktothesechaptersasneeded.
TokensAtokenisahardwaredevicethatcanbeusedinachallenge/responseauthenticationprocess.Inthisway,itfunctionsasbothasomething-you-haveandsomething-you-knowauthenticationmechanism.Severalvariationsonthistypeofdeviceexist,buttheyallworkonthesamebasicprinciples.Tokensweredescribedearlierinthechapter,andarecommonlyemployedinremoteauthenticationschemesastheyprovideadditionalsuretyoftheidentityoftheuser,evenuserswhoaresomewhereelseandcannotbeobserved.
ExamTip:Theuseofatokenisacommonmethodofusing“somethingyouhave”forauthentication.Atokencanholdacryptographickeyoractasaone-timepassword(OTP)generator.Itcanalsobeasmartcardthatholdsacryptographickey(examplesincludetheU.S.militaryCommonAccessCardandtheFederalPersonalIdentityVerification[PIV]card).ThesedevicescanbesafeguardedusingaPINandlockoutmechanismtopreventuseifstolen.
MultifactorMultifactorauthenticationisatermthatdescribestheuseofmorethanoneauthenticationmechanismatthesametime.Anexampleofthisisthe
hardwaretoken,whichrequiresbothapersonalIDnumber(PIN)orpasswordandthedeviceitselftodeterminethecorrectresponseinordertoauthenticatetothesystem.Thismeansthatboththesomething-you-haveandsomething-you-knowmechanismsareusedasfactorsinverifyingauthenticityoftheuser.BiometricsarealsooftenusedinconjunctionwithaPINsothatthey,too,canbeusedaspartofamultifactorauthenticationscheme,inthiscasesomethingyouareaswellassomethingyouknow.Thepurposeofmultifactorauthenticationistoincreasethelevelofsecurity,sincemorethanonemechanismwouldhavetobespoofedinorderforanunauthorizedindividualtogainaccesstoacomputersystemornetwork.ThemostcommonexampleofmultifactorsecurityisthecommonATMcardmostofuscarryinourwallets.ThecardisassociatedwithaPINthatonlytheauthorizedcardholdershouldknow.KnowingthePINwithouthavingthecardisuseless,justashavingthecardwithoutknowingthePINwillalsonotprovideyouaccesstoyouraccount.
ExamTip:Therequireduseofmorethanoneauthenticationsystemisknownasmultifactorauthentication.Themostcommonexampleisthecombinationofapasswordwithahardwaretoken.Forhighsecurity,threefactorscanbeused:password,token,andbiometric.
Multifactorauthenticationissometimesreferredtoastwo-factorauthenticationorthree-factorauthentication,referringtothenumberofdifferentfactorsused.Itisimportanttonotethatthisimpliesseparatefactorsfortheauthenticationelement;auserIDandpasswordarenottwofactors,astheuserIDisnotasharedsecretelement.
MutualAuthenticationMutualauthenticationdescribesaprocessinwhicheachsideofanelectroniccommunicationverifiestheauthenticityoftheother.WeareaccustomedtotheideaofhavingtoauthenticateourselvestoourISPbeforeweaccesstheInternet,generallythroughtheuseofauser
ID/passwordpair,buthowdoweactuallyknowthatwearereallycommunicatingwithourISPandnotsomeothersystemthathassomehowinserteditselfintoourcommunication(aman-in-the-middleattack)?Mutualauthenticationprovidesamechanismforeachsideofaclient/serverrelationshiptoverifytheauthenticityoftheothertoaddressthisissue.Acommonmethodofperformingmutualauthenticationinvolvesusingasecureconnection,suchasTransportLayerSecurity(TLS),totheserverandaone-timepasswordgeneratorthatthenauthenticatestheclient.
MutualTLS–basedauthenticationprovidesthesamefunctionsasnormalTLS,withtheadditionofauthenticationandnonrepudiationoftheclient.Thissecondauthentication,theauthenticationoftheclient,isdoneinthesamemannerasthenormalserverauthenticationusingdigitalsignatures.Theclientauthenticationrepresentsthemanysidesofamany-to-onerelationship.MutualTLSauthenticationisnotcommonlyusedbecauseofthecomplexity,cost,andlogisticsassociatedwithmanagingthemultitudeofclientcertificates.Thisreducestheeffectiveness,andmostwebapplicationsarenotdesignedtorequireclient-sidecertificates.
AuthorizationAuthorizationistheprocessofpermittingordenyingaccesstoaspecificresource.Onceidentityisconfirmedviaauthentication,specificactionscanbeauthorizedordenied.Manytypesofauthorizationschemesareused,butthepurposeisthesame:determinewhetheragivenuserwhohasbeenidentifiedhaspermissionsforaparticularobjectorresourcebeingrequested.Thisfunctionalityisfrequentlypartoftheoperatingsystemandistransparenttousers.Theseparationoftasks,fromidentificationtoauthenticationto
authorization,hasseveraladvantages.Manymethodscanbeusedtoperformeachtask,andonmanysystemsseveralmethodsareconcurrentlypresentforeachtask.Separationofthesetasksintoindividualelementsallowscombinationsofimplementationstoworktogether.Anysystemor
resource,beithardware(routerorworkstation)orasoftwarecomponent(databasesystem),thatrequiresauthorizationcanuseitsownauthorizationmethodonceauthenticationhasoccurred.Thismakesforefficientandconsistentapplicationoftheseprinciples.
AccessControlThetermaccesscontrolhasbeenusedtodescribeavarietyofprotectionschemes.Itsometimesreferstoallsecurityfeaturesusedtopreventunauthorizedaccesstoacomputersystemornetwork—orevenanetworkresourcesuchasaprinter.Inthissense,itmaybeconfusedwithauthentication.Moreproperly,accessistheabilityofasubject(suchasanindividualoraprocessrunningonacomputersystem)tointeractwithanobject(suchasafileorhardwaredevice).Oncetheindividualhasverifiedtheiridentity,accesscontrolsregulatewhattheindividualcanactuallydoonthesystem.Justbecauseapersonisgrantedentrytothesystem,thatdoesnotmeanthattheyshouldhaveaccesstoalldatathesystemcontains.
TechTip
AccessControlvs.AuthenticationItmayseemthataccesscontrolandauthenticationaretwowaystodescribethesameprotectionmechanism.This,however,isnotthecase.Authenticationprovidesawaytoverifytothecomputerwhotheuseris.Oncetheuserhasbeenauthenticated,theaccesscontrolsdecidewhatoperationstheusercanperform.Thetwogohand-in-handbutarenotthesamething.
RemoteAccessMethodsWhenauserrequiresaccesstoaremotesystem,theprocessofremoteaccessisusedtodeterminetheappropriatecontrols.Thisisdonethroughaseriesofprotocolsandprocessesdescribedintheremainderofthis
chapter.
IEEE802.1XIEEE802.1Xisanauthenticationstandardthatsupportsport-basedauthenticationservicesbetweenauserandanauthorizationdevice,suchasanedgerouter.IEEE802.1Xisusedbyalltypesofnetworks,includingEthernet,TokenRing,andwireless.Thisstandarddescribesmethodsusedtoauthenticateauserpriortograntingaccesstoanetworkandtheauthenticationserver,suchasaRADIUSserver.802.1Xactsthroughanintermediatedevice,suchasanedgeswitch,enablingportstocarrynormaltrafficiftheconnectionisproperlyauthenticated.Thispreventsunauthorizedclientsfromaccessingthepubliclyavailableportsonaswitch,keepingunauthorizedusersoutofaLAN.Untilaclienthassuccessfullyauthenticateditselftothedevice,onlyExtensibleAuthenticationProtocoloverLAN(EAPOL)trafficispassedbytheswitch.
Onesecurityissueassociatedwith802.1Xisthattheauthenticationoccursonlyuponinitialconnection,andthatanotherusercaninsertthemselvesintotheconnectionbychangingpacketsorusingahub.Thesecuresolutionistopair802.1X,whichauthenticatestheinitialconnection,withaVPNorIPsec,whichprovidespersistentsecurity.
EAPOLisanencapsulatedmethodofpassingEAPmessagesover802.1frames.EAPisageneralprotocolthatcansupportmultiplemethodsofauthentication,includingone-timepasswords,Kerberos,publickeys,andsecuritydevicemethodssuchassmartcards.Onceaclientsuccessfullyauthenticatesitselftothe802.1Xdevice,theswitchopensportsfornormaltraffic.Atthispoint,theclientcancommunicatewiththesystem’sAAAmethod,suchasaRADIUSserver,andauthenticateitselftothenetwork.
WirelessProtocols802.1Xiscommonlyusedonwirelessaccesspointsasaport-basedauthenticationservicepriortoadmissiontothewirelessnetwork.802.1Xoverwirelessuseseither802.11iorEAP-basedprotocols,suchasEAP-TLSorPEAP-TLS.
CrossCheckWirelessRemoteAccessWirelessisacommonmethodofallowingremoteaccesstoanetwork,asitdoesnotrequirephysicalcablingandallowsmobileconnections.Wirelesssecurity,includingprotocolssuchas802.11iandEAP-basedsolutions,iscoveredinChapter12.
RADIUSRemoteAuthenticationDial-InUserService(RADIUS)isanAAAprotocol.ItwassubmittedtotheInternetEngineeringTaskForce(IETF)asaseriesofRFCs:RFC2058(RADIUSspecification),RFC2059(RADIUSaccountingstandard),andupdatedRFCs2865–2869,whicharenowstandardprotocols.RADIUSisdesignedasaconnectionlessprotocolthatusestheUser
DatagramProtocol(UDP)asitstransportlayerprotocol.Connectiontypeissues,suchastimeouts,arehandledbytheRADIUSapplicationinsteadofthetransportlayer.RADIUSutilizesUDPport1812forauthenticationandauthorizationandUDP1813foraccountingfunctions.RADIUSisaclient/serverprotocol.TheRADIUSclientistypicallya
networkaccessserver(NAS).Networkaccessserversactasintermediaries,authenticatingclientsbeforeallowingthemaccesstoanetwork.RADIUS,RRAS(Microsoft),RAS,andVPNserverscanallactasnetworkaccessservers.TheRADIUSserverisaprocessordaemonrunningonaUNIXorWindowsServermachine.CommunicationsbetweenaRADIUSclientandRADIUSserverareencryptedusinga
sharedsecretthatismanuallyconfiguredintoeachentityandnotsharedoveraconnection.Hence,communicationsbetweenaRADIUSclient(typicallyaNAS)andaRADIUSserveraresecure,butthecommunicationsbetweenauser(typicallyaPC)andtheRADIUSclientaresubjecttocompromise.Thisisimportanttonote,foriftheuser’smachine(thePC)isnottheRADIUSclient(theNAS),thencommunicationsbetweenthePCandtheNASaretypicallynotencryptedandarepassedintheclear.
RADIUSAuthenticationTheRADIUSprotocolisdesignedtoallowaRADIUSservertosupportawidevarietyofmethodstoauthenticateauser.Whentheserverisgivenausernameandpassword,itcansupportPoint-to-PointProtocol(PPP),PasswordAuthenticationProtocol(PAP),Challenge-HandshakeAuthenticationProtocol(CHAP),UNIXlogin,andothermechanisms,dependingonwhatwasestablishedwhentheserverwassetup.Auserloginauthenticationconsistsofaquery(Access-Request)fromtheRADIUSclientandacorrespondingresponse(Access-Accept,Access-Challenge,orAccess-Reject)fromtheRADIUSserver,asyoucanseeinFigure11.18.TheAccess-Challengeresponseistheinitiationofachallenge/responsehandshake.Iftheclientcannotsupportchallenge/response,thenittreatstheChallengemessageasanAccess-Reject.
•Figure11.18RADIUScommunicationsequence
TheAccess-Requestmessagecontainstheusername,encryptedpassword,NASIPaddress,andport.Themessagealsocontainsinformationconcerningthetypeofsessiontheuserwantstoinitiate.OncetheRADIUSserverreceivesthisinformation,itsearchesitsdatabaseforamatchontheusername.Ifamatchisnotfound,eitheradefaultprofileisloadedoranAccess-Rejectreplyissenttotheuser.Iftheentryisfoundorthedefaultprofileisused,thenextphaseinvolvesauthorization,forinRADIUS,thesestepsareperformedinsequence.Figure11.18showstheinteractionbetweenauserandtheRADIUSclientandRADIUSserverandthestepstakentomakeaconnection.
RADIUSAuthorizationIntheRADIUSprotocol,theauthenticationandauthorizationstepsareperformedtogetherinresponsetoasingleAccess-Requestmessage,althoughtheyaresequentialsteps(seeFigure11.18).Onceanidentityhasbeenestablished,eitherknownordefault,theauthorizationprocessdetermineswhatparametersarereturnedtotheclient.Typicalauthorizationparametersincludetheservicetypeallowed(shellorframed),theprotocolsallowed,theIPaddresstoassigntotheuser(staticordynamic),andtheaccesslisttoapplyorstaticroutetoplaceintheNASroutingtable.
TechTip
ShellAccountsShellaccountrequestsarethosethatdesirecommand-lineaccesstoaserver.Onceauthenticationissuccessfullyperformed,theclientisconnecteddirectlytotheserversocommand-lineaccesscanoccur.RatherthanbeinggivenadirectIPaddressonthenetwork,theNASactsasapass-throughdeviceconveyingaccess.
TheseparametersarealldefinedintheconfigurationinformationontheRADIUSclientandserverduringsetup.Usingthisinformation,theRADIUSserverreturnsanAccess-AcceptmessagewiththeseparameterstotheRADIUSclient.
RADIUSAccountingTheRADIUSaccountingfunctionisperformedindependentlyofRADIUSauthenticationandauthorization.TheaccountingfunctionusesaseparateUDPport,1813(seeTable11.2inthe“ConnectionSummary”sectionattheendofthechapter).TheprimaryfunctionalityofRADIUSaccountingwasestablishedtosupportISPsintheiruseraccounting,anditsupportstypicalaccountingfunctionsfortimebillingandsecuritylogging.TheRADIUSaccountingfunctionsaredesignedtoallowdatatobetransmittedatthebeginningandendofasession,andtheycanindicateresourceutilization,suchastime,bandwidth,andsoon.
Table11.2 CommonTCP/UDPRemoteAccessNetworkingPortAssignments
DiameterDiameteristhenameofanAAAprotocolsuite,designatedbytheIETFtoreplacetheagingRADIUSprotocol.DiameteroperatesinmuchthesamewayasRADIUSinaclient/serverconfiguration,butitimprovesuponRADIUS,resolvingdiscoveredweaknesses.DiameterisaTCP-based
serviceandhasmoreextensiveAAAcapabilities.Diameterisalsodesignedforalltypesofremoteaccess,notjustmodempools.Asmoreandmoreusersadoptbroadbandandotherconnectionmethods,thesenewerservicesrequiremoreoptionstodeterminepermissibleusageproperlyandtoaccountforandlogtheusage.Diameterisdesignedwiththeseneedsinmind.Diameteralsohasanimprovedmethodofencryptingmessage
exchangestoprohibitreplayandman-in-the-middleattacks.Takenalltogether,Diameter,withitsenhancedfunctionalityandsecurity,isanimprovementontheprovendesignoftheoldRADIUSstandard.
TACACS+TheTerminalAccessControllerAccessControlSystem+(TACACS+)protocolisthecurrentgenerationoftheTACACSfamily.OriginallyTACACSwasdevelopedbyBBNPlanetCorporationforMILNET,anearlymilitarynetwork,butithasbeenenhancedbyCisco,whichhasexpandeditsfunctionalitytwice.TheoriginalBBNTACACSsystemprovidedacombinationprocessofauthenticationandauthorization.CiscoextendedthistoExtendedTerminalAccessControllerAccessControlSystem(XTACACS),whichprovidedforseparateauthentication,authorization,andaccountingprocesses.Thecurrentgeneration,TACACS+,hasextendedattributecontrolandaccountingprocesses.Oneofthefundamentaldesignaspectsistheseparationof
authentication,authorization,andaccountinginthisprotocol.AlthoughthereisastraightforwardlineageoftheseprotocolsfromtheoriginalTACACS,TACACS+isamajorrevisionandisnotbackward-compatiblewithpreviousversionsoftheprotocolseries.TACACS+usesTCPasitstransportprotocol,typicallyoperatingover
TCPport49.ThisportisusedfortheloginprocessandisreservedinRFC3232,“AssignedNumbers,”manifestedinadatabasefromtheInternetAssignedNumbersAuthority(IANA).IntheIANAspecification,bothUDPport49andTCPport49arereservedfortheTACACS+loginhost
protocol(seeTable11.2inthe“ConnectionSummary”sectionattheendofthechapter).TACACS+isaclient/serverprotocol,withtheclienttypicallybeinga
NASandtheserverbeingadaemonprocessonaUNIX,Linux,orWindowsserver.Thisisimportanttonote,foriftheuser’smachine(usuallyaPC)isnottheclient(usuallyaNAS),thencommunicationsbetweenPCandNASaretypicallynotencryptedandarepassedintheclear.CommunicationsbetweenaTACACS+clientandTACACS+serverareencryptedusingasharedsecretthatismanuallyconfiguredintoeachentityandisnotsharedoveraconnection.Hence,communicationsbetweenaTACACS+client(typicallyaNAS)andaTACACS+serveraresecure,butthecommunicationsbetweenauser(typicallyaPC)andtheTACACS+clientaresubjecttocompromise.
TACACS+AuthenticationTACACS+allowsforarbitrarylengthandcontentintheauthenticationexchangesequence,enablingmanydifferentauthenticationmechanismstobeusedwithTACACS+clients.Authenticationisoptionalandisdeterminedasasite-configurableoption.Whenauthenticationisused,commonformsincludePPPPAP,PPPCHAP,PPPEAP,tokencards,andKerberos.Theauthenticationprocessisperformedusingthreedifferentpackettypes:START,CONTINUE,andREPLY.STARTandCONTINUEpacketsoriginatefromtheclientandaredirectedtotheTACACS+server.TheREPLYpacketisusedtocommunicatefromtheTACACS+servertotheclient.TheauthenticationprocessisillustratedinFigure11.19,anditbegins
withaSTARTmessagefromtheclienttotheserver.ThismessagemaybeinresponsetoaninitiationfromaPCconnectedtotheTACACS+client.TheSTARTmessagedescribesthetypeofauthenticationbeingrequested(simpleplaintextpassword,PAP,CHAP,andsoon).ThisSTARTmessagemayalsocontainadditionalauthenticationdata,suchasausernameandpassword.ASTARTmessageisalsosentasaresponsetoarestartrequestfromtheserverinaREPLYmessage.ASTARTmessage
alwayshasitssequencenumbersetto1.
•Figure11.19TACACS+communicationsequence
WhenaTACACS+serverreceivesaSTARTmessage,itsendsaREPLYmessage.ThisREPLYmessageindicateswhethertheauthenticationiscompleteorneedstobecontinued.Iftheprocessneedstobecontinued,theREPLYmessagealsospecifieswhatadditionalinformationisneeded.TheresponsefromaclienttoaREPLYmessagerequestingadditionaldataisaCONTINUEmessage.Thisprocesscontinuesuntiltheserverhasalltheinformationneeded,andtheauthenticationprocessconcludeswithasuccessorfailure.
TACACS+AuthorizationAuthorizationisdefinedasthegrantingofspecificpermissionsbasedontheprivilegesheldbytheaccount.Thisgenerallyoccursafterauthentication,asshowninFigure11.19,butthisisnotafirmrequirement.Adefaultstateof“unknownuser”existsbeforeauserisauthenticated,andpermissionscanbedeterminedforanunknownuser.Aswithauthentication,authorizationisanoptionalprocessandmayormaynotbepartofasite-specificoperation.Whenitisusedinconjunctionwithauthentication,theauthorizationprocessfollowstheauthenticationprocessandusestheconfirmeduseridentityasinputinthedecisionprocess.Theauthorizationprocessisperformedusingtwomessagetypes:
REQUESTandRESPONSE.TheauthorizationprocessisperformedusinganauthorizationsessionconsistingofasinglepairofREQUESTandRESPONSEmessages.TheclientissuesanauthorizationREQUESTmessagecontainingafixedsetoffieldsenumeratingtheauthenticityoftheuserorprocessrequestingpermissionandavariablesetoffieldsenumeratingtheservicesoroptionsforwhichauthorizationisbeingrequested.TheRESPONSEmessageinTACACS+isnotasimpleyesorno;itcan
alsoincludequalifyinginformation,suchasausertimelimitorIPrestrictions.Theselimitationshaveimportantuses,suchasenforcingtime
limitsonshellaccessorenforcingIPaccesslistrestrictionsforspecificuseraccounts.
TACACS+AccountingAswiththetwopreviousservices,accountingisalsoanoptionalfunctionofTACACS+.Whenutilized,ittypicallyfollowstheotherservices.AccountinginTACACS+isdefinedastheprocessofrecordingwhatauserorprocesshasdone.Accountingcanservetwoimportantpurposes:
Itcanbeusedtoaccountforservicesbeingutilized,possiblyforbillingpurposes.
Itcanbeusedforgeneratingsecurityaudittrails.
TACACS+accountingrecordscontainseveralpiecesofinformationtosupportthesetasks.Theaccountingprocesshastheinformationrevealedintheauthorizationandauthenticationprocesses,soitcanrecordspecificrequestsbyuserorprocess.Tosupportthisfunctionality,TACACS+hasthreetypesofaccountingrecords:START,STOP,andUPDATE.Notethatthesearerecordtypes,notmessagetypesasearlierdiscussed.
AuthenticationProtocolsNumerousauthenticationprotocolshavebeendeveloped,used,anddiscardedinthebriefhistoryofcomputing.Somehavecomeandgonebecausetheydidnotenjoymarketshare,othershavehadsecurityissues,andyetothershavebeenrevisedandimprovedinnewerversions.Althoughit’simpossibleandimpracticaltocoverthemall,someofthecommononesfollow.
L2TPandPPTPLayer2TunnelingProtocol(L2TP)andPoint-to-PointTunnelingProtocol(PPTP)arebothOSILayer2tunnelingprotocols.Tunnelingistheencapsulationofonepacketwithinanother,whichallowsyoutohidethe
originalpacketfromvieworchangethenatureofthenetworktransport.Thiscanbedoneforbothsecurityandpracticalreasons.Fromapracticalperspective,assumethatyouareusingTCP/IPto
communicatebetweentwomachines.Yourmessagemaypassovervariousnetworks,suchasanAsynchronousTransferMode(ATM)network,asitmovesfromsourcetodestination.AstheATMprotocolcanneitherreadnorunderstandTCP/IPpackets,somethingmustbedonetomakethempassableacrossthenetwork.Byencapsulatingapacketasthepayloadinaseparateprotocol,soitcanbecarriedacrossasectionofanetwork,amechanismcalledatunneliscreated.Ateachendofthetunnel,calledthetunnelendpoints,thepayloadpacketisreadandunderstood.Asitgoesintothetunnel,youcanenvisionyourpacketbeingplacedinanenvelopewiththeaddressoftheappropriatetunnelendpointontheenvelope.Whentheenvelopearrivesatthetunnelendpoint,theoriginalmessage(thetunnelpacket’spayload)isre-created,read,andsenttoitsappropriatenextstop.Theinformationbeingtunneledisunderstoodonlyatthetunnelendpoints;itisnotrelevanttointermediatetunnelpointsbecauseitisonlyapayload.
PPPPoint-to-PointProtocol(PPP)isanolder,stillwidelyusedprotocolforestablishingdial-inconnectionsoverseriallinesorIntegratedServicesDigitalNetwork(ISDN)services.PPPhasseveralauthenticationmechanisms,includingPAP,CHAP,andtheExtensibleAuthenticationProtocol(EAP).Theseprotocolsareusedtoauthenticatethepeerdevice,notauserofthesystem.PPPisastandardizedInternetencapsulationofIPtrafficoverpoint-to-pointlinks,suchasseriallines.Theauthenticationprocessisperformedonlywhenthelinkisestablished.
TechTip
PPPFunctionsandAuthentication
PPPsupportsthreefunctions:
Encapsulatedatagramsacrossseriallinks
Establish,configure,andtestlinksusingLCPEstablishandconfiguredifferentnetworkprotocolsusingNCP
PPPsupportstwoauthenticationprotocols:
PasswordAuthenticationProtocol(PAP)
Challenge-HandshakeAuthenticationProtocol(CHAP)
PPTPMicrosoftledaconsortiumofnetworkingcompaniestoextendPPPtoenablethecreationofvirtualprivatenetworks(VPNs).TheresultwasthePoint-to-PointTunneling(PPTP),anetworkprotocolthatenablesthesecuretransferofdatafromaremotePCtoaserverbycreatingaVPNacrossaTCP/IPnetwork.Thisremotenetworkconnectioncanalsospanapublicswitchedtelephonenetwork(PSTN)andisthusaneconomicalwayofconnectingremotedial-inuserstoacorporatedatanetwork.TheincorporationofPPTPintotheMicrosoftWindowsproductlineprovidesabuilt-insecuremethodofremoteconnectionusingtheoperatingsystem,andthishasgivenPPTPalargemarketplacefootprint.FormostPPTPimplementations,threecomputersareinvolved:the
PPTPclient,theNAS,andaPPTPserver,asshowninFigure11.20.Theconnectionbetweentheremoteclientandthenetworkisestablishedinstages,asillustratedinFigure11.21.FirsttheclientmakesaPPPconnectiontoaNAS,typicallyanISP.(Intoday’sworldofwidelyavailablebroadband,ifthereisalreadyanInternetconnection,thenthereisnoneedtoperformthePPPconnectiontotheISP.)OncethePPPconnectionisestablished,asecondconnectionismadeoverthePPPconnectiontothePPTPserver.ThissecondconnectioncreatestheVPNconnectionbetweentheremoteclientandthePPTPserver.AtypicalVPNconnectionisoneinwhichtheuserisinahotelwithawirelessInternetconnection,connectingtoacorporatenetwork.Thisconnectionactsasa
tunnelforfuturedatatransfers.Althoughthesediagramsillustrateatelephoneconnection,thisfirstlinkcanbevirtuallyanymethod.CommoninhotelstodayarewiredconnectionstotheInternet.ThesewiredconnectionstypicallyareprovidedbyalocalISPandofferthesameservicesasaphoneconnection,albeitatamuchhigherdatatransferrate.
•Figure11.20PPTPcommunicationdiagram
•Figure11.21PPTPmessageencapsulationduringtransmission
PPTPestablishesatunnelfromtheremotePPTPclienttothePPTPserverandenablesencryptionwithinthistunnel.Thisprovidesasecuremethodoftransport.Todothisandstillenablerouting,anintermediateaddressingscheme,GenericRoutingEncapsulation(GRE),isused.Toestablishtheconnection,PPTPusescommunicationsacrossTCP
port1723(seeTable11.2inthe“ConnectionSummary”sectionattheendofthechapter),sothisportmustremainopenacrossthenetworkfirewallsforPPTPtobeinitiated.AlthoughPPTPallowstheuseofanyPPP
authenticationscheme,CHAPisusedwhenencryptionisspecified,toprovideanappropriatelevelofsecurity.Fortheencryptionmethodology,MicrosoftchosetheRSARC4cipher,witheithera40-or128-bitsessionkeylength,andthisisOSdriven.MicrosoftPoint-to-PointEncryption(MPPE)isanextensiontoPPPthatenablesVPNstousePPTPasthetunnelingprotocol.
EAPExtensibleAuthenticationProtocol(EAP)isauniversalauthenticationframeworkdefinedbyRFC3748thatisfrequentlyusedinwirelessnetworksandpoint-to-pointconnections.AlthoughEAPisnotlimitedtowirelessandcanbeusedforwiredauthentication,itismostoftenusedinwirelessLANs.EAPisdiscussedindetailinChapter12.
CHAPChallenge-HandshakeAuthenticationProtocol(CHAP)isusedtoprovideauthenticationacrossapoint-to-pointlinkusingPPP.Inthisprotocol,authenticationafterthelinkhasbeenestablishedisnotmandatory.CHAPisdesignedtoprovideauthenticationperiodicallythroughtheuseofachallenge/responsesystemthatissometimesdescribedasathree-wayhandshake,asillustratedinFigure11.22.Theinitialchallenge(arandomlygeneratednumber)issenttotheclient.Theclientusesaone-wayhashingfunctiontocalculatewhattheresponseshouldbeandthensendsthisback.Theservercomparestheresponsetowhatitcalculatedtheresponseshouldbe.Iftheymatch,communicationcontinues.Ifthetwovaluesdon’tmatch,thentheconnectionisterminated.Thismechanismreliesonasharedsecretbetweenthetwoentitiessothatthecorrectvaluescanbecalculated.MicrosofthascreatedtwoversionsofCHAP,modifiedtoincreasetheusabilityofCHAPacrossMicrosoft’sproductline.MSCHAPv1,definedinRFC2433,hasbeendeprecatedandwasdroppedinWindowsVista.Thecurrentstandard,version2,definedinRFC2759,wasintroducedwithWindows2000.
•Figure11.22TheCHAPchallenge/responsesequence
NTLMNTLANManager(NTLM)isanauthenticationprotocoldesignedbyMicrosoft,forusewiththeServerMessageBlock(SMB)protocol.SMBisanapplication-levelnetworkprotocolprimarilyusedforsharingoffilesandprintersinWindows-basednetworks.NTLMwasdesignedasareplacementfortheLANMANprotocol.ThecurrentversionisNTLMv2,whichwasintroducedwithWindowsNT4.0SP4.AlthoughMicrosofthasadoptedtheKerberosprotocolforauthentication,NTLMv2isstillusedwhen
AuthenticatingtoaserverusinganIPaddress
AuthenticatingtoaserverthatbelongstoadifferentActiveDirectoryforest
Authenticatingtoaserverthatdoesn’tbelongtoadomain
NoActiveDirectorydomainexists(“workgroup”or“peer-to-peer”connection)
PAPPasswordAuthenticationProtocol(PAP)involvesatwo-wayhandshakein
whichtheusernameandpasswordaresentacrossthelinkincleartext.PAPauthenticationdoesnotprovideanyprotectionagainstplaybackandlinesniffing.PAPisnowadeprecatedstandard.
L2TPLayer2TunnelingProtocol(L2TP)isalsoanInternetstandardandcamefromtheLayer2Forwarding(L2F)protocol,aCiscoinitiativedesignedtoaddressissueswithPPTP.WhereasPPTPisdesignedaroundPPPandIPnetworks,L2F,andhenceL2TP,isdesignedforuseacrossallkindsofnetworks,includingATMandFrameRelay.Additionally,whereasPPTPisdesignedtobeimplementedinsoftwareattheclientdevice,L2TPwasconceivedasahardwareimplementationusingarouteroraspecial-purposeappliance.L2TPcanbeconfiguredinsoftwareandisinMicrosoft’sRRASservers,whichuseL2TPtocreateaVPN.L2TPworksinmuchthesamewayasPPTP,butitopensupseveral
itemsforexpansion.Forinstance,inL2TP,routerscanbeenabledtoconcentrateVPNtrafficoverhigher-bandwidthlines,creatinghierarchicalnetworksofVPNtrafficthatcanbemoreefficientlymanagedacrossanenterprise.L2TPalsohastheabilitytouseIPsecandDataEncryptionStandard(DES)asencryptionprotocols,providingahigherlevelofdatasecurity.L2TPisalsodesignedtoworkwithestablishedAAAservicessuchasRADIUSandTACACS+toaidinuserauthentication,authorization,andaccounting.L2TPisestablishedviaUDPport1701,sothisisanessentialportto
leaveopenacrossfirewallssupportingL2TPtraffic.MicrosoftsupportsL2TPinWindows2000andabove,butbecauseofthecomputingpowerrequired,mostimplementationswillusespecializedhardware(suchasaCiscorouter).
TelnetOneofthemethodstograntremoteaccesstoasystemisthroughTelnet.Telnetisthestandardterminal-emulationprotocolwithintheTCP/IP
protocolseries,anditisdefinedinRFC854.Telnetallowsuserstologinremotelyandaccessresourcesasiftheuserhadalocalterminalconnection.Telnetisanoldprotocolandofferslittlesecurity.Information,includingaccountnamesandpasswords,ispassedincleartextovertheTCP/IPconnection.
ExamTip:TelnetusesTCPport23.Besuretomemorizethecommonportsusedbycommonservicesfortheexam.
TelnetmakesitsconnectionusingTCPport23.AsTelnetisimplementedonmostproductsusingTCP/IP,itisimportanttocontrolaccesstoTelnetonmachinesandrouterswhensettingthemup.Failuretocontrolaccessbyusingfirewalls,accesslists,andothersecuritymethods,orevenbydisablingtheTelnetdaemon,isequivalenttoleavinganopendoorforunauthorizedusersonasystem.
SSHSecureShell(SSH)isaprotocolseriesdesignedtofacilitatesecurenetworkfunctionsacrossaninsecurenetwork.SSHprovidesdirectsupportforsecureremotelogin,securefiletransfer,andsecureforwardingofTCP/IPandXWindowSystemtraffic.AnSSHconnectionisanencryptedchannel,providingforconfidentialityandintegrityprotection.SSHhasitsoriginsasareplacementfortheinsecureTelnetapplication
fromtheUNIXoperatingsystem.AnoriginalcomponentofUNIX,Telnetalloweduserstoconnectbetweensystems.AlthoughTelnetisstillusedtoday,ithassomedrawbacks,asdiscussedintheprecedingsection.SomeenterprisingUniversityofCalifornia,Berkeley,studentssubsequentlydevelopedther-commands,suchasrlogin,topermitaccessbasedontheuserandsourcesystem,asopposedtopassingpasswords.Thiswasnotperfecteither,however,becausewhenaloginwasrequired,itwasstillpassedintheclear.ThisledtothedevelopmentoftheSSHprotocolseries,
designedtoeliminatealloftheinsecuritiesassociatedwithTelnet,r-commands,andothermeansofremoteaccess.
ExamTip:SSHusesTCPport22.SCP(securecopy)andSFTP(secureFTP)useSSH,soeachalsousesTCPport22.
SSHopensasecuretransportchannelbetweenmachinesbyusinganSSHdaemononeachend.ThesedaemonsinitiatecontactoverTCPport22andthencommunicateoverhigherportsinasecuremode.OneofthestrengthsofSSHisitssupportformanydifferentencryptionprotocols.SSH1.0startedwithRSAalgorithms,butatthetimetheywerestillunderpatent,andthisledtoSSH2.0withextendedsupportforTripleDES(3DES)andotherencryptionmethods.Today,SSHcanbeusedwithawiderangeofencryptionprotocols,includingRSA,3DES,Blowfish,InternationalDataEncryptionAlgorithm(IDEA),CAST128,AES256,andothers.TheSSHprotocolhasfacilitiestoencryptdataautomatically,provide
authentication,andcompressdataintransit.Itcansupportstrongencryption,cryptographichostauthentication,andintegrityprotection.Theauthenticationservicesarehost-basedandnotuser-based.Ifuserauthenticationisdesiredinasystem,itmustbesetupseparatelyatahigherlevelintheOSImodel.Theprotocolisdesignedtobeflexibleandsimple,anditisdesignedspecificallytominimizethenumberofround-tripsbetweensystems.Thekeyexchange,publickey,symmetrickey,messageauthentication,andhashalgorithmsareallnegotiatedatconnectiontime.Individualdata-packetintegrityisassuredthroughtheuseofamessageauthenticationcodethatiscomputedfromasharedsecret,thecontentsofthepacket,andthepacketsequencenumber.TheSSHprotocolconsistsofthreemajorcomponents:
TransportlayerprotocolProvidesserverauthentication,
confidentiality,integrity,andcompression
UserauthenticationprotocolAuthenticatestheclienttotheserverConnectionprotocolProvidesmultiplexingoftheencryptedtunnelintoseverallogicalchannels
SSHisverypopularintheUNIXenvironment,anditisactivelyusedasamethodofestablishingVPNsacrosspublicnetworks.BecauseallcommunicationsbetweenthetwomachinesareencryptedattheOSIapplicationlayerbythetwoSSHdaemons,thisleadstotheabilitytobuildverysecuresolutionsandevensolutionsthatdefytheabilityofoutsideservicestomonitor.AsSSHisastandardprotocolserieswithconnectionparametersestablishedviaTCPport22,differentvendorscanbuilddifferingsolutionsthatcanstillinteroperate.
TechTip
RDPRemoteDesktopProtocol(RDP)isaproprietaryMicrosoftprotocoldesignedtoprovideagraphicalconnectiontoanothercomputer.ThecomputerrequestingtheconnectionhasRDPclientsoftware(builtintoWindows),andthetargetusesanRDPserver.ThissoftwarehasbeenavailableformanyversionsofWindowsandwasformerlycalledTerminalServices.ClientandserverversionsalsoexistforLinuxplatforms.RDPusesTCPandUDPports3389,soifRDPisdesired,theseportsneedtobeopenonthefirewall.
AlthoughWindowsServerimplementationsofSSHexist,thishasnotbeenapopularprotocolintheWindowsenvironmentfromaserverperspective.ThedevelopmentofawidearrayofcommercialSSHclientsfortheWindowsplatformindicatesthemarketplacestrengthofinterconnectionfromdesktopPCstoUNIX-basedserversutilizingthisprotocol.
FTP/FTPS/SFTP
OneofthemethodsoftransferringfilesbetweenmachinesisthroughtheuseoftheFileTransferProtocol(FTP).FTPisaplaintextprotocolthatoperatesbycommunicatingoverTCPbetweenaclientandaserver.TheclientinitiatesatransferwithanFTPrequesttotheserver’sTCPport21.Thisisthecontrolconnection,andthisconnectionremainsopenoverthedurationofthefiletransfer.Theactualdatatransferoccursonanegotiateddatatransferport,typicallyahigh-orderportnumber.FTPwasnotdesignedtobeasecuremethodoftransferringfiles.Ifasecuremethodisdesired,thenusingFTPSorSFTPisbest.FTPSistheuseofFTPoveranSSL/TLSsecuredchannel.Thiscanbe
doneeitherinexplicitmode,whereanAUTHTLScommandisissued,orinimplicitmode,wherethetransferoccursoverTCPport990forthecontrolchannelandTCPport989forthedatachannel.SFTPisnotFTPperse,butratheracompletelyseparateSecureFileTransferProtocolasdefinedbyanIETFDraft,thelatestofwhich,version6,expiredinJuly2007,buthasbeenincorporatedintoproductsinthemarketplace.
ExamTip:FTPusesTCPport21asacontrolchannelandTCPport20asatypicalactivemodedataport,assomefirewallsaresettoblockportsabove1024.
ItisalsopossibletorunFTPoverSSH,aslaterversionsofSSHallowsecuringofchannelssuchastheFTPcontrolchannel;thishasalsobeenreferredtoasSecureFTP.Thisleavesthedatachannelunencrypted,aproblemthathasbeensolvedinversion3.0ofSSH,whichsupportsFTPcommands.ThechallengeofencryptingtheFTPdatacommunicationsisthatthemutualportagreementmustbeopenedonthefirewall,andforsecurityreasons,high-orderportsthatarenotexplicitlydefinedaretypicallysecured.Becauseofthischallenge,SecureCopy(SCP)isoftenamoredesirablealternativetoSFTPwhenusingSSH.
VPNsAvirtualprivatenetwork(VPN)isasecurevirtualnetworkbuiltontopofaphysicalnetwork.ThesecurityofaVPNliesintheencryptionofpacketcontentsbetweentheendpointsthatdefinetheVPN.ThephysicalnetworkuponwhichaVPNisbuiltistypicallyapublicnetwork,suchastheInternet.BecausethepacketcontentsbetweenVPNendpointsareencrypted,toanoutsideobserveronthepublicnetwork,thecommunicationissecure,anddependingonhowtheVPNissetup,securitycanevenextendtothetwocommunicatingparties’machines.Virtualprivatenetworkingisnotaprotocolperse,butratheramethod
ofusingprotocolstoachieveaspecificobjective—securecommunications—asshowninFigure11.23.Auserwhowantstohaveasecurecommunicationchannelwithaserveracrossapublicnetworkcansetuptwointermediarydevices,VPNendpoints,toaccomplishthistask.Theusercancommunicatewithhisendpoint,andtheservercancommunicatewithitsendpoint.Thetwoendpointsthencommunicateacrossthepublicnetwork.VPNendpointscanbesoftwaresolutions,routers,orspecificserverssetupforspecificfunctionality.ThisimpliesthatVPNservicesaresetupinadvanceandarenotsomethingnegotiatedon-the-fly.
•Figure11.23VPNserviceoveranInternetconnection
AtypicaluseofVPNservicesisauseraccessingacorporatedatanetworkfromahomePCacrosstheInternet.TheemployeeinstallsVPNsoftwarefromworkonahomePC.Thissoftwareisalreadyconfiguredtocommunicatewiththecorporatenetwork’sVPNendpoint;itknowsthelocation,theprotocolsthatwillbeused,andsoon.Whenthehomeuserwantstoconnecttothecorporatenetwork,sheconnectstotheInternetandthenstartstheVPNsoftware.Theusercanthenlogintothecorporatenetworkbyusinganappropriateauthenticationandauthorizationmethodology.ThesolepurposeoftheVPNconnectionistoprovideaprivateconnectionbetweenthemachines,whichencryptsanydatasentbetweenthehomeuser’sPCandthecorporatenetwork.Identification,authorization,andallotherstandardfunctionsareaccomplishedwiththestandardmechanismsfortheestablishedsystem.VPNscanusemanydifferentprotocolstoofferasecuremethodof
communicatingbetweenendpoints.Commonmethodsofencryptionon
VPNsincludePPTP,IPsec,SSH,andL2TP,allofwhicharediscussedinthischapter.Thekeyisthatbothendpointsknowtheprotocolandshareasecret.AllofthisnecessaryinformationisestablishedwhentheVPNissetup.Atthetimeofuse,theVPNonlyactsasaprivatetunnelbetweenthetwopointsanddoesnotconstituteacompletesecuritysolution.
IPsecInternetProtocolSecurity(IPsec)isasetofprotocolsdevelopedbytheIETFtosecurelyexchangepacketsatthenetworklayer(Layer3)oftheOSImodel(RFCs2401–2412).AlthoughtheseprotocolsworkonlyinconjunctionwithIPnetworks,onceanIPsecconnectionisestablished,itispossibletotunnelacrossothernetworksatlowerlevelsoftheOSImodel.ThesetofsecurityservicesprovidedbyIPsecoccursatthenetworklayeroftheOSImodel,sohigher-layerprotocols,suchasTCP,UDP,InternetControlMessageProtocol(ICMP),BorderGatewayProtocol(BGP),andthelike,arenotfunctionallyalteredbytheimplementationofIPsecservices.TheIPsecprotocolserieshasasweepingarrayofservicesitisdesigned
toprovide,includingbutnotlimitedtoaccesscontrol,connectionlessintegrity,traffic-flowconfidentiality,rejectionofreplayedpackets,datasecurity(encryption),anddata-originauthentication.IPsechastwodefinedmethods—transportandtunneling—thatprovidedifferentlevelsofsecurity.IPsecalsohasthreemodesofconnection:host-to-server,server-to-server,andhost-to-host.Thetransportmethodencryptsonlythedataportionofapacket,thus
enablinganoutsidertoseesourceanddestinationIPaddresses.Thetransportmethodprotectsthehigher-levelprotocolsassociatedwithapacketandprotectsthedatabeingtransmittedbutallowsknowledgeofthetransmissionitself.Protectionofthedataportionofapacketisreferredtoascontentprotection.
ExamTip:Intransportmode(end-to-end),securityofpackettrafficisprovidedbytheendpointcomputers.Intunnelmode(portal-to-portal),securityofpackettrafficisprovidedbetweenendpointnodemachinesineachnetworkandnotattheterminalhostmachines.
TunnelingprovidesencryptionofsourceanddestinationIPaddresses,aswellasofthedataitself.Thisprovidesthegreatestsecurity,butitcanbedoneonlybetweenIPsecservers(orrouters)becausethefinaldestinationneedstobeknownfordelivery.Protectionoftheheaderinformationisknownascontextprotection.Itispossibletousebothmethodsatthesametime,suchasusing
transportwithinone’sownnetworktoreachanIPsecserver,whichthentunnelstothetargetserver’snetwork,connectingtoanIPsecserverthere,andthenusingthetransportmethodfromthetargetnetwork’sIPsecservertothetargethost.
SecurityAssociationsAsecurityassociation(SA)isaformalmannerofdescribingthenecessaryandsufficientportionsoftheIPsecprotocolseriestoachieveaspecificlevelofprotection.Becausemanyoptionsexist,bothcommunicatingpartiesmustagreeontheuseoftheprotocolsthatareavailable,andthisagreementisreferredtoasasecurityassociation.SAsexistbothforintegrity-protectingsystemsandconfidentiality-protectingsystems.IneachIPsecimplementation,asecurityassociationdatabase(SAD)definesparametersassociatedwitheachSA.TheSAisaone-way(simplex)association,andiftwo-waycommunicationsecurityisdesired,twoSAsareused—oneforeachdirection.
ExamTip:Asecurityassociationisalogicalsetofsecurityparametersdesignedtofacilitatethe
sharingofinformationbetweenentities.
IPsecConfigurationsFourbasicconfigurationscanbeappliedtomachine-to-machineconnectionsusingIPsec.Thesimplestisahost-to-hostconnectionbetweentwomachines,asshowninFigure11.24.Inthiscase,theInternetisnotapartoftheSAbetweenthemachines.Ifbidirectionalsecurityisdesired,twoSAsareused.TheSAsareeffectivefromhosttohost.
•Figure11.24Ahost-to-hostconnectionbetweentwomachines
Thesecondcaseplacestwosecuritydevicesinthestream,relievingthehostsofthecalculationandencapsulationduties.ThesetwogatewayshaveanSAbetweenthem.Thenetworkisassumedtobesecurefromeach
machinetoitsgateway,andnoIPsecisperformedacrossthesehops.Figure11.25showsthetwosecuritygatewayswithatunnelacrosstheInternet,althougheithertunnelortransportmodecouldbeused.
•Figure11.25TwosecuritygatewayswithatunnelacrosstheInternet
Thethirdcasecombinesthefirsttwo.AseparateSAexistsbetweenthegatewaydevices,butanSAalsoexistsbetweenhosts.Thiscouldbeconsideredatunnelinsideatunnel,asshowninFigure11.26.
•Figure11.26Atunnelinsideatunnel
RemoteuserscommonlyconnectthroughtheInternettoanorganization’snetwork.Thenetworkhasasecuritygatewaythroughwhichitsecurestraffictoandfromitsserversandauthorizedusers.Inthelastcase,illustratedinFigure11.27,theuserestablishesanSAwiththesecuritygatewayandthenaseparateSAwiththedesiredserver,ifrequired.Thiscanbedoneusingsoftwareonaremotelaptopandhardwareattheorganization’snetwork.
•Figure11.27Tunnelfromhosttogateway
WindowscanactasanIPsecserver,ascanroutersandotherservers.TheprimaryissueisCPUusageandwherethecomputingpowershouldbeimplanted.ThisconsiderationhasledtotheriseofIPsecappliances,whicharehardwaredevicesthatperformtheIPsecfunctionspecificallyforaseriesofcommunications.Dependingonthenumberofconnections,networkbandwidth,andsoon,thesedevicescanbeinexpensiveforsmallofficeorhomeofficeuseorquiteexpensiveforlarge,enterprise-levelimplementations.
IPsecSecurity
IPsecusestwoprotocolstoprovidetrafficsecurity:
AuthenticationHeader(AH)Aheaderaddedtoapacketforthepurposesofintegritychecking
EncapsulatingSecurityPayload(ESP)Amethodofencryptingthedataportionofadatagramtoprovideconfidentiality
Forkeymanagementandexchange,threeprotocolsexist:
InternetSecurityAssociationandKeyManagementProtocol(ISAKMP)
OakleySecureKeyExchangeMechanismforInternet(SKEMI)
ThesekeymanagementprotocolscanbecollectivelyreferredtoasInternetKeyManagementProtocol(IKMP)orInternetKeyExchange(IKE).IPsecdoesnotdefinespecificsecurityalgorithms,nordoesitrequire
specificmethodsofimplementation.IPsecisanopenframeworkthatallowsvendorstoimplementexistingindustry-standardalgorithmssuitedforspecifictasks.ThisflexibilityiskeyinIPsec’sabilitytoofferawiderangeofsecurityfunctions.IPsecallowsseveralsecuritytechnologiestobecombinedintoacomprehensivesolutionfornetwork-basedconfidentiality,integrity,andauthentication.IPsecusesthefollowing:
ExamTip:IPsecAHprotectsintegrity,butitdoesnotprovideprivacy.IPsecESPprovidesconfidentiality,butitdoesnotprotectintegrityofthepacket.Tocoverbothprivacyandintegrity,bothheaderscanbeusedatthesametime.
Diffie-Hellmankeyexchangebetweenpeersonapublicnetwork
PublickeysigningofDiffie-Hellmankeyexchangestoguaranteeidentityandavoidman-in-the-middleattacks
Bulkencryptionalgorithms,suchasIDEAand3DES,forencryptingdata
Keyedhashalgorithms,suchasHMAC,andtraditionalhashalgorithms,suchasMD5andSHA-1,forpacket-levelauthentication
DigitalcertificatestoactasdigitalIDcardsbetweenparties
Toprovidetrafficsecurity,twoheaderextensionshavebeendefinedforIPdatagrams.TheAH,whenaddedtoanIPdatagram,ensurestheintegrityofthedataandalsotheauthenticityofthedata’sorigin.ByprotectingthenonchangingelementsintheIPheader,theAHprotectstheIPaddress,whichenablesdata-originauthentication.TheESPprovidessecurityservicesforthehigher-levelprotocolportionofthepacketonly,nottheIPheader.AHandESPcanbeusedseparatelyorincombination,dependingonthe
levelandtypesofsecuritydesired.BothalsoworkwiththetransportandtunnelmodesofIPsecprotocols.Intransportmode,thetwocommunicationendpointsprovidesecurityprimarilyfortheupper-layerprotocols.Thecryptographicendpoints,whereencryptionanddecryptionoccur,arelocatedatthesourceanddestinationofthecommunicationchannel.WhenAHisintransportmode,theoriginalIPheaderisexposed,butitscontentsareprotectedviatheAHblockinthepacket,asillustratedinFigure11.28.WhenAHisemployedintunnelmode,portionsoftheouterIPheaderaregiventhesameheaderprotectionthatoccursintransportmode,withtheentireinnerpacketreceivingprotection.ThisisillustratedinFigure11.29.Theuseoftunnelmodeallowseasiercrossingoffirewalls,forwithoutit,specificfirewallruleswouldbeneededtopassthemodifiedtransportpacketheader.
•Figure11.28IPsecuseofAHintransportmode
•Figure11.29IPsecuseofAHintunnelmode
Tunnelingisameansofencapsulatingpacketsinsideaprotocolthatisunderstoodonlyattheentryandexitpointsofthetunnel.Thisprovidessecurityduringtransportinthetunnel,becauseoutsideobserverscannot
decipherpacketcontentsoreventheidentitiesofthecommunicatingparties.IPsechasatunnelmodethatcanbeusedfromservertoserveracrossapublicnetwork.Althoughthetunnelendpointsarereferredtoasservers,thesedevicescanberouters,appliances,orservers.Intunnelmode,thetunnelendpointsmerelyencapsulatetheentirepacketwithnewIPheaderstoindicatetheendpoints,andtheyencryptthecontentsofthisnewpacket.ThetruesourceanddestinationinformationiscontainedintheinnerIPheader,whichisencryptedinthetunnel.TheouterIPheadercontainstheaddressesoftheendpointsofthetunnel.ESPprovidesameansofencryptingthepacket’scontents,asshownin
Figure11.30.Inthiscase,intransportmode,thedatagramcontentsareencryptedandauthenticatedviatheESPheaderandfooter/trailerthatareinsertedintothedatagram.Asmentioned,AHandESPcanbeemployedintunnelmode.ESPaffordsthesameencryptionprotectiontothecontentsofthetunneledpacket,whichistheentirepacketfromtheinitialsender,asillustratedinFigure11.31.Together,intunnelmode,AHandESPcanprovidecompleteprotectionacrossthepacket,asshowninFigure11.32.ThespecificcombinationofAHandESPisreferredtoasasecurityassociationinIPsec.
•Figure11.30IPsecuseofESPintransportmode
•Figure11.31IPsecuseofESPintunnelmode
•Figure11.32IPsecESPandAHpacketconstructionintunnelmode
InIPversion4(IPv4),IPsecisanadd-on,anditsacceptanceisvendordriven.ItisnotapartoftheoriginalIP—oneoftheshort-sighteddesignflawsoftheoriginalIP.InIPv6,IPsecisintegratedintoIPandisnativeonallpackets.Itsuseisstilloptional,butitsinclusionintheprotocolsuitewillguaranteeinteroperabilityacrossvendorsolutionswhentheyarecompliantwithIPv6standards.IPsecusescryptographickeysinitssecurityprocessandhasboth
manualandautomaticdistributionofkeysaspartoftheprotocolseries.Manualkeydistributionisincluded,butitispracticalonlyinsmall,staticenvironmentsanddoesnotscaletoenterprise-levelimplementations.Thedefaultmethodofkeymanagement,InternetKeyExchange(IKE),isautomated.IKEauthenticateseachpeerinvolvedinIPsecandnegotiatesthesecuritypolicy,includingtheexchangeofsessionkeys.IKEcreatesasecuretunnelbetweenpeersandthennegotiatesthesecurityassociation
forIPsecacrossthischannel.Thisisdoneintwophases:thefirstdevelopsthechannel,andtheseconddevelopsthesecurityassociation.Figure11.33illustratesthedifferentlevelsofprotectionofferedby
VPNsandIPsec.ThisshowstheadvantagesofIPsecanditsmorecomprehensivecoverage.
•Figure11.33Protectionfromdifferentlevelsofencryption
VulnerabilitiesofRemoteAccessMethods
Theprimaryvulnerabilityassociatedwithmanyofthesemethodsofremoteaccessisthepassingofcriticaldataincleartext.Plaintextpassingofpasswordsprovidesnosecurityifthepasswordissniffed,andsniffersareeasytouseonanetwork.EvenplaintextpassingofuserIDsgivesawayinformationthatcanbecorrelatedandpossiblyusedbyanattacker.PlaintextcredentialpassingisoneofthefundamentalflawswithTelnetandiswhySSHwasdeveloped.ThisisalsooneoftheflawswithRADIUSandTACACS+,astheyhaveasegmentunprotected.Therearemethodsforovercomingtheselimitations,althoughtheyrequiredisciplineandunderstandinginsettingupasystem.Thestrengthoftheencryptionalgorithmisalsoaconcern.Shoulda
specificalgorithmormethodprovetobevulnerable,servicesthatrelysolelyonitarealsovulnerable.Togetaroundthisdependency,manyoftheprotocolsallownumerousencryptionmethods,sothatshouldoneprovevulnerable,ashifttoanotherrestoressecurity.
TechTip
IPsecinaNutshellIPsechastwoprimarymodes,transportmodeandtunnelmode.Transportmodeissimplerandaddsfewerbytestoapacket,butcanhaveissuestransitingitemssuchasfirewalls.Tunnelingmoderesolvesthefirewallissuebytotalencapsulation.IPsechastwoprimarymechanisms,AHandESP.AHprovidesforauthenticationofdatagramcontents,butnoprotectionintheformofsecrecy.ESPencryptsthedatagram,providingsecrecy,andwhenusedwithEH,ESPprovidesauthenticationaswell.
Aswithanysoftwareimplementation,therealwaysexiststhepossibilitythatabugcouldopenthesystemtoattack.Bugshavebeencorrectedinmostsoftwarepackagestocloseholesthatmadesystemsvulnerable,andremoteaccessfunctionalityisnoexception.ThisisnotaMicrosoft-onlyphenomenon,asonemightbelievefromthepopularpress.Criticalflawshavebeenfoundinalmosteveryproduct,fromopensystemimplementationssuchasOpenSSHtoproprietarysystemssuchasCisco
IOS.Theimportantissueisnotthepresenceofsoftwarebugs,forassoftwarecontinuestobecomemorecomplex,thisisanunavoidableissue.Thetruekeyisvendorresponsivenesstofixingthebugsoncetheyarediscovered,andthemajorplayers,suchasCiscoandMicrosoft,havebeenveryresponsiveinthisarea.
ConnectionSummaryTherearemanyprotocolsusedforremoteaccessandauthenticationandrelatedpurposes.ThesemethodshavetheirownassignedportsandtheseassignmentsaresummarizedinTable11.2.
Chapter11Review
ForMoreInformationMicrosoft’sTechNetGroupPolicypagehttp://technet.microsoft.com/en-us/windowsserver/grouppolicy/default.aspx
SANSConsensusPolicyResourceCommunity–PasswordPolicyhttps://www.sans.org/security-resources/policies/general/pdf/password-protection-policy
LabManualExercisesThefollowinglabexercisesfromthecompanionlabmanual,PrinciplesofComputerSecurityLabManual,FourthEdition,providepracticalapplicationofmaterialcoveredinthischapter:
ChapterSummaryAfterreadingthischapterandcompletingtheexercises,youshouldunderstandthefollowingaboutprivilegemanagement,authentication,andremoteaccessprotocols.
Identifythedifferencesamonguser,group,androlemanagement
Privilegemanagementistheprocessofrestrictingauser’sabilitytointeractwiththecomputersystem.
Privilegemanagementcanbebasedonanindividualuserbasis,onmembershipinaspecificgrouporgroups,oronafunction/role.
Keyconceptsinprivilegemanagementaretheabilitytorestrictandcontrolaccesstoinformationandinformationsystems.
Oneofthemethodsusedtosimplifyprivilegemanagementissinglesign-on,whichrequiresausertoauthenticatesuccessfullyonce.Thevalidatedcredentialsandassociatedrightsandprivilegesarethenautomaticallycarriedforwardwhentheuseraccessesothersystemsorapplications.
Implementpasswordanddomainpasswordpolicies
Passwordpoliciesaresetsofrulesthathelpusersselect,employ,andstorestrongpasswords.Tokenscombine“somethingyouhave”with“somethingyouknow,”suchasapasswordorPIN,andcanbehardwareorsoftwarebased.
Passwordsshouldhavealimitedspanandshouldexpireonascheduledbasis.
Describemethodsofaccountmanagement(SSO,timeofday,logicaltoken,accountexpiration)
Administratorshavemanydifferenttoolsattheirdisposaltocontrolaccesstocomputerresourcesincludingpasswordandaccountexpirationmethods.
Userauthenticationmethodscanincludeseveralfactorsincludingtokens.
Userscanbelimitedinthehoursduringwhichtheycanaccessresources.
Resourcessuchasfiles,folders,andprinterscanbecontrolledthroughpermissionsoraccesscontrollists.
Permissionscanbeassignedbasedonauser’sidentityortheirmembershipinoneormoregroups.
Describemethodsofaccessmanagement(MAC,DAC,andRBAC)
Mandatoryaccesscontrolisbasedonthesensitivityoftheinformationorprocessitself.
DiscretionaryaccesscontrolusesfilepermissionsandACLstorestrictaccessbasedonauser’sidentityorgroupmembership.
Role-basedaccesscontrolrestrictsaccessbasedontheuser’sassignedroleorroles.
Rule-basedaccesscontrolrestrictsaccessbasedonadefinedsetof
rulesestablishedbytheadministrator.
Discussthemethodsandprotocolsforremoteaccesstonetworks
Remoteaccessprotocolsprovideamechanismtoremotelyconnectclientstonetworks.
Awiderangeofremoteaccessprotocolshasevolvedtosupportvarioussecurityandauthenticationmechanisms.
Remoteaccessisgrantedviaremoteaccessservers,suchasRRASorRADIUS.
Identifyauthentication,authorization,andaccounting(AAA)protocols
Authenticationisacornerstoneelementofsecurity,connectingaccesstoapreviouslyapproveduserID.
Authorizationistheprocessofdeterminingwhetheranauthenticateduserhaspermission.
Accountingprotocolsmanageconnectiontimeandcostrecords.
Explainauthenticationmethodsandthesecurityimplicationsintheiruse
Password-basedauthenticationisstillthemostwidelyusedbecauseofcostandubiquity.
Ticket-basedsystems,suchasKerberos,formthebasisformostmodernauthenticationandcredentialingsystems.
Implementvirtualprivatenetworks(VPNs)andtheirsecurityaspects
VPNsuseprotocolstoestablishaprivatenetworkoverapublicnetwork,shieldingusercommunicationsfromoutsideobservation.
VPNscanbeinvokedviamanydifferentprotocolmechanismsand
involveeitherahardwareorsoftwareclientoneachendofthecommunicationchannel.
DescribeInternetProtocolSecurity(IPsec)anditsuseinsecuringcommunications
IPsecisthenativemethodofsecuringIPpackets;itisoptionalinIPv4andmandatoryinIPv6.
IPsecusesAuthenticationHeaders(AH)toauthenticatepackets.
IPsecusesEncapsulatingSecurityPayload(ESP)toprovideconfidentialityserviceatthedatagramlevel.
KeyTermsAAA(305)accesscontrol(311)accesscontrollist(ACL)(300)accounting(305)administrator(290)attribute-basedaccesscontrol(ABAC)(303)authentication(305)AuthenticationHeader(AH)(41)authenticationserver(AS)(308)authorization(305)contentprotection(324)contextprotection(325)discretionaryaccesscontrol(DAC)(302)domaincontroller(293)domainpasswordpolicy(293)EncapsulatingSecurityPayload(ESP)(41)eXtensibleAccessControlMarkupLanguage(XACML)(304)
group(291)grouppolicyobject(GPO)(293)identification(305)InternetKeyExchange(IKE)(329)InternetProtocolSecurity(IPsec)(324)InternetSecurityAssociationandKeyManagementProtocol
(ISAKMP)(41)Kerberos(308)keydistributioncenter(KDC)(308)Layer2TunnelingProtocol(L2TP)(320)mandatoryaccesscontrol(MAC)(301)Oakley(41)passwordpolicy(292)permissions(290)Point-to-PointTunnelingProtocol(PPTP)(317)privilegemanagement(288)privileges(288)remoteaccessserver(RAS)(305)rights(289)role(292)role-basedaccesscontrol(RBAC)(303)root(290)rule-basedaccesscontrol(303)SecureKeyExchangeMechanismforInternet(SKEMI)(41)securityassociation(SA)(325)singlesign-on(SSO)(294)superuser(290)ticket-grantingserver(TGS)(308)token(296)user(289)username(289)
virtualprivatenetwork(VPN)(323)
KeyTermsQuizUsetermsfromtheKeyTermslisttocompletethesentencesthatfollow.Don’tusethesametermmorethanonce.Notalltermswillbeused.
1._______________isanauthenticationmodeldesignedaroundtheconceptofusingticketsforaccessingobjects.
2._______________isdesignedaroundthetypeoftaskspeopleperform.
3.AformalmannerofdescribingthenecessaryandsufficientportionsoftheIPsecprotocolseriestoachieveaspecificlevelofprotectionisa(n)_______________.
4._______________describesasystemwhereeveryresourcehasaccessrulessetforitallofthetime.
5._______________isanauthenticationprocesswheretheusercanentertheiruserID(orusername)andpasswordandthenbeabletomovefromapplicationtoapplicationorresourcetoresourcewithouthavingtosupplyfurtherauthenticationinformation.
6.InIPsec,asecurityassociationisdefinedbyaspecificcombinationof_______________and_______________.
7.Theprotectionofthedataportionofapacketis_______________.8.Theprotectionoftheheaderportionofapacketis
_______________.
9._______________isakeymanagementandexchangeprotocolusedwithIPsec.
10.Theprocessofcomparingcredentialstothoseestablishedduringtheidentificationprocessisreferredtoas_______________.
Multiple-ChoiceQuiz1.Authenticationistypicallybaseduponwhat?
A.Somethingauserpossesses
B.Somethingauserknows
C.Somethingmeasuredonauser,suchasafingerprint
D.Alloftheabove
2.OnaVPN,trafficisencryptedanddecryptedat:A.Endpointsofthetunnelonly
B.Users’machines
C.Eachdeviceateachhop
D.Thedatalinklayerofaccessdevices
3.Aticket-grantingserverisanimportantelementinwhichofthefollowingauthenticationmodels?
A.L2TP
B.RADIUS
C.PPP
D.Kerberos
4.WhatprotocolisusedforRADIUS?A.UDP
B.NetBIOS
C.TCP
D.Proprietary
5.Underwhichaccesscontrolsystemiseachpieceofinformationandeverysystemresource(files,devices,networks,andsoon)labeledwithitssensitivitylevel?
A.Discretionaryaccesscontrol
B.Resourceaccesscontrol
C.Mandatoryaccesscontrol
D.Mediaaccesscontrol
6.IPsecprovideswhichoptionsassecurityservices?A.ESPandAH
B.ESPandAP
C.EAandAP
D.EAandAH
7.SecureShelluseswhichporttocommunicate?A.TCPport80
B.UDPport22
C.TCPport22
D.TCPport110
8.ElementsofKerberosincludewhichofthefollowing?A.Tickets,ticket-grantingserver,ticket-authorizingagent
B.Ticket-grantingticket,authenticationserver,ticket
C.Servicesserver,Kerberosrealm,ticketauthenticators
D.Client-to-serverticket,authenticationserverticket,ticket
9.ToestablishaPPTPconnectionacrossafirewall,youmustdo
whichofthefollowing?
A.Donothing;PPTPdoesnotneedtocrossfirewallsbydesign.
B.Donothing;PPTPtrafficisinvisibleandtunnelspastfirewalls.
C.OpenaUDPportofchoiceandassignittoPPTP.
D.OpenTCPport1723.
10.ToestablishanL2TPconnectionacrossafirewall,youmustdowhichofthefollowing?
A.Donothing;L2TPdoesnotcrossfirewallsbydesign.
B.Donothing;L2TPtunnelspastfirewalls.
C.OpenaUDPportofchoiceandassignittoL2TP.
D.OpenUDPport1701.
EssayQuiz1.Aco-workerwithastrongWindowsbackgroundishavingdifficulty
understandingUNIXfilepermissions.DescribeUNIXfilepermissionsforhim.CompareUNIXfilepermissionstoWindowsfilepermissions.
2.Howareauthenticationandauthorizationalikeandhowaretheydifferent.Whatistherelationship,ifany,betweenthetwo?
3.WhatisaVPNandwhattechnologiesareusedtocreateone?
LabProjects
•LabProject11.1
Usingtwoworkstationsandsomerouters,setupasimpleVPN.UsingWireshark(asharewarenetworkprotocolanalyzer,availableathttp://wireshark.com),observetrafficinsideandoutsidethetunneltodemonstrateprotection.
•LabProject11.2UsingfreeSSHdandfreeFTPd(bothsharewareprograms,availableatwww.freesshd.com)andWireshark,demonstratethesecurityfeaturesofSSHcomparedtoTelnetandFTP.
chapter12 WirelessSecurityandMobileDevices
Wemustplanforfreedom,andnotonlyforsecurity,iffornootherreasonthanthatonlyfreedomcanmakesecuritysecure.
W
—KARLPOPPER
Inthischapter,youwilllearnhowto
Describethedifferentwirelesssystemsinusetoday
DetailWAPanditssecurityimplications
Identify802.11’ssecurityissuesandpossiblesolutions
Examinetheelementsneededforenterprisewirelessdeployment
Examinethesecurityofmobilesystems
irelessisincreasinglythewaypeopleaccesstheInternet.Becausewirelessaccessisconsideredaconsumerbenefit,manybusinesseshaveaddedwirelessaccesspointstolurecustomersintotheirshops.
Withtherolloutoffourth-generation(4G)high-speedcellularnetworks,peoplearealsoincreasinglyaccessingtheInternetfromtheirmobilephones.Themassivegrowthinpopularityofnontraditionalcomputerssuchasnetbooks,e-readers,andtabletshasalsodriventhepopularityofwirelessaccess.Aswirelessuseincreases,thesecurityofthewirelessprotocolshas
becomeamoreimportantfactorinthesecurityoftheentirenetwork.Asasecurityprofessional,youneedtounderstandwirelessnetworkapplicationsbecauseoftherisksinherentinbroadcastinganetworksignalwhereanyonecaninterceptit.Sendingunsecuredinformationacrosspublicairwavesistantamounttopostingyourcompany’spasswordsbythefrontdoorofthebuilding.Thischapteropenswithlooksatseveralcurrentwirelessprotocolsandtheirsecurityfeatures.Thechapterfinisheswithanexaminationofmobilesystemsandtheirsecurityconcerns.
IntroductiontoWirelessNetworkingWirelessnetworkingisthetransmissionofpacketizeddatabymeansofaphysicaltopologythatdoesnotusedirectphysicallinks.Thisdefinition
canbenarrowedtoapplytonetworksthatuseradiowavestocarrythesignalsovereitherpublicorprivatebands,insteadofusingstandardnetworkcabling.Someproprietaryapplicationslikelong-distancemicrowavelinksusepoint-to-pointtechnologywithnarrowbandradiosandhighlydirectionalantennas.However,thistechnologyisnotcommonenoughtoproduceanysignificantresearchintoitsvulnerabilities,andanythingthatwasdevelopedwouldhavelimitedusefulness.Sothischapterfocusesonpoint-to-multipointsystems,thetwomostcommonofwhicharethefamilyofcellularprotocolsandIEEE802.11.IEEE802.11isafamilyofprotocolsinsteadofasinglespecification;thisisasummarytableofthe802.11family.
TheIEEE802.11protocolhasbeenstandardizedbytheIEEEforwirelesslocalareanetworks(LANs).Threeversionsarecurrentlyinproduction—802.11g,802.11a,and802.11n.Thelateststandardis802.11ac,butitprovidesbackwardcompatibilitywith802.11ghardware.CellularphonetechnologyhasmovedrapidlytoembracedatatransmissionandtheInternet.TheWirelessApplicationProtocol(WAP)wasoneofthepioneersofmobiledataapplications,butithasbeenovertakenbyavarietyofprotocolspushingustofourth-generation(4G)mobilenetworks.
TechTip
WirelessSystemsThereareseveraldifferentwirelessbandsincommonusetoday,themostcommonofwhichistheWi-Fiseries,referringtothe802.11WirelessLANstandardscertifiedbytheWi-FiAlliance.AnothersetofbandsisWiMAX,whichreferstothesetof802.16wirelessnetworkstandardsratifiedbytheWiMAXForum.Lastly,thereisZigBee,alow-power,personalareanetworkingtechnologydescribedbytheIEEE802.15.4series.
Bluetoothisashort-rangewirelessprotocoltypicallyusedonsmalldevicessuchasmobilephones.EarlyversionsofthesephonesalsohadBluetoothonanddiscoverableasadefault,makingthecompromiseofanearbyphoneeasy.Securityresearchhasfocusedonfindingproblemswiththesedevicessimplybecausethedevicesaresocommon.Thesecurityworldignoredwirelessforalongtime,andthenwithinthe
spaceofafewmonths,itseemedlikeeveryonewasattemptingtobreachthesecurityofwirelessnetworksandtransmissions.Onereasonwirelesssuddenlyfounditselftobesuchatargetisthatwirelessnetworksaresoabundantandsounsecured.Thedramaticproliferationoftheseinexpensiveproductshasmadethesecurityramificationsoftheprotocolastonishing.Nomatterwhatthesystem,wirelesssecurityisaveryimportanttopicas
moreandmoreapplicationsaredesignedtousewirelesstosenddata.Wirelessisparticularlyproblematicfromasecuritystandpoint,becausethereisnocontroloverthephysicallayerofthetraffic.InmostwiredLANs,theadministratorshavephysicalcontroloverthenetworkandcancontroltosomedegreewhocanactuallyconnecttothephysicalmedium.Thispreventslargeamountsofunauthorizedtrafficandmakessnoopingaroundandlisteningtothetrafficdifficult.Wirelessdoesawaywiththephysicallimitations.Ifanattackercangetcloseenoughtothesignal’ssourceasitisbeingbroadcast,hecanattheveryleastlistentotheaccesspointandclientstalkingtocaptureallthepacketsforexamination,asdepictedinFigure12.1.
•Figure12.1Wirelesstransmissionextendingbeyondthefacility’swalls
Attackerscanalsotrytomodifythetrafficbeingsentortrytosendtheirowntraffictodisruptthesystem.Inthischapter,youwilllearnaboutthedifferenttypesofattacksthatwirelessnetworksface.
MobilePhonesWhencellularphonesfirsthitthemarket,securitywasn’tanissue—ifyouwantedtokeepyourphonesafe,you’dsimplykeepitphysicallysecureandnotloanittopeopleyoudidn’twantmakingcalls.Itsonlyfunctionwasthatofatelephone.
•Earlycellphonesjustallowedyoutomakecalls.
Theadvanceofdigitalcircuitryhasaddedamazingpowerinsmallerandsmallerdevices,causingsecuritytobeanissueasthesoftwarebecomesmoreandmorecomplicated.Today’ssmallandinexpensiveproductshavemadethewirelessmarketgrowbyleapsandbounds,astraditionalwirelessdevicessuchascellularphonesandpagershavebeenreplacedbytabletsandsmartphones.
•Today’sphonesallowyoutocarrycomputersinyourpocket.
Today’ssmartphonessupportmultiplewirelessdataaccessmethods,
including802.11,Bluetooth,andcellular.ThesemobilephonesandtabletdeviceshavecausedconsumerstodemandaccesstotheInternetanytimeandanywhere.Thishasgeneratedademandforadditionaldataservices.TheWirelessApplicationProtocol(WAP)attemptedtosatisfytheneedsformoredataonmobiledevices,butitisfallingbythewaysideasthemobilenetworks’capabilitiesincrease.TheneedformoreandmorebandwidthhaspushedcarrierstoadoptamoreIP-centricroutingmethodologywithtechnologiessuchasHighSpeedPacketAccess(HSPA)andEvolutionDataOptimized(EVDO).Mobilephoneshaveruthlesslyadvancedwithnewtechnologiesandservices,causingphonesandthecarriernetworksthatsupportthemtobedescribedingenerations—1G,2G,3G,and4G.1Greferstotheoriginalanalogcellularstandard,AdvancedMobilePhoneSystem(AMPS).2Greferstothedigitalnetworkthatsupersededit.3Gisthesystemofmobilenetworksthatfollowed,withmanydifferentimplementationscarryingdataatupto400Kbps.4GrepresentsthecurrentstateofmobilephoneswithLTEbeingtheprimarymethod.4Gallowscarrierstoofferawiderarrayofservicestotheconsumer,includingbroadbanddataserviceupto14.4Mbpsandvideocalling.4GisalsoamovetoanentirelyIP-basednetworkforallservices,runningvoiceoverIP(VoIP)onyourmobilephoneandspeedsupto1Gbps.Allofthese“gee-whiz”featuresarenice,buthowsecureareyourbits
andbytesgoingtobewhenthey’retravelingacrossamobilecarrier’snetwork?Alltheprotocolsmentionedhavetheirownsecurityimplementations—WAPappliesitsownWirelessTransportLayerSecurity(WTLS)toattempttosecuredatatransmissions,butWAPstillhasissuessuchasthe“WAPgap”(asdiscussednext).3Gnetworkshaveattemptedtopushalargeamountofsecuritydownthestackandrelyontheencryptiondesignedintothewirelessprotocol.
TechTip
RelationshipofWAPandWTLSWirelessApplicationProtocolisalightweightprotocoldesignedformobiledevices.WirelessTransportLayerSecurityisalightweightsecurityprotocoldesignedforWAP.
WirelessApplicationProtocolWAPwasintroducedtocompensatefortherelativelylowamountofcomputingpoweronhandhelddevicesaswellasthegenerallypoornetworkthroughputofcellularnetworks.ItusestheWirelessTransportLayerSecurity(WTLS)encryptionscheme,whichencryptstheplaintextdataandthensendsitovertheairwavesasciphertext.Theoriginatorandtherecipientbothhavekeystodecryptthedataandreproducetheplaintext.Thismethodofensuringconfidentialityisverycommon,andiftheencryptioniswelldesignedandimplemented,itisdifficultforunauthorizeduserstotakecapturedciphertextandreproducetheplaintextthatcreatedit.AsdescribedinChapter5,confidentialityistheabilitytokeepprotecteddataasecret.WTLSusesamodifiedversionoftheTransportLayerSecurity(TLS)protocol,whichisthereplacementforSecureSocketsLayer(SSL).TheWTLSprotocolsupportsseveralpopularbulkencryptionalgorithms,includingDataEncryptionStandard(DES),TripleDES(3DES),RC5,andInternationalDataEncryptionAlgorithm(IDEA).
CrossCheckSymmetricEncryptionInChapter5youlearnedaboutsymmetricencryption,includingDES,3DES,RC5,andIDEA.Inthecontextofwirelesscommunication,whatalgorithmwouldprotectyourdatathebest?Whataresomepossibleproblemswiththesealgorithms?
WTLSimplementsintegritythroughtheuseofmessageauthenticationcodes(MACs).AMACalgorithmgeneratesaone-wayhashofthe
compressedWTLSdata.WTLSsupportstheMD5andSHAMACalgorithms.TheMACalgorithmisalsodecidedduringtheWTLShandshake.TheTLSprotocolthatWTLSisbasedonisdesignedaroundInternet-basedcomputers,machinesthathaverelativelyhighprocessingpower,largeamountsofmemory,andsufficientbandwidthavailableforInternetapplications.DevicesthatWTLSmustaccommodatearelimitedinalltheserespects.Thus,WTLShastobeabletocopewithsmallamountsofmemoryandlimitedprocessorcapacity,aswellaslonground-triptimesthatTLScouldnothandlewell.TheserequirementsaretheprimaryreasonsthatWTLShassecurityissues.Astheprotocolisdesignedaroundmorecapableserversthandevices,
theWTLSspecificationcanallowconnectionswithlittletonosecurity.ClientswithlowmemoryorCPUcapabilitiescannotsupportencryption,andchoosingnullorweakencryptiongreatlyreducesconfidentiality.Authenticationisalsooptionalintheprotocol,andomittingauthenticationreducessecuritybyleavingtheconnectionvulnerabletoaman-in-the-middle–typeattack.Inadditiontothegeneralflawsintheprotocol’simplementation,severalknownsecurityvulnerabilitiesexist,includingthosetothechosen-plaintextattack,thePKCS#1attack,andthealertmessagetruncationattack.Thechosen-plaintextattackworksontheprincipleofapredictable
initializationvector(IV).Bythenatureofthetransportmediumthatitisusing,WAP,WTLSneedstosupportunreliabletransport.ThisforcestheIVtobebasedondataalreadyknowntotheclient,andWTLSusesalinearIVcomputation.BecausetheIVisbasedonthesequencenumberofthepacket,andseveralpacketsaresentunencrypted,entropyisseverelydecreased.Thislackofentropyintheencrypteddatareducesconfidentiality.
TechTip
WeaknessinWAPAggregation
WAPisapoint-to-multipointprotocol,butitcanfacedisruptionsorattacksbecauseitaggregatesatwell-knownpoints:thecellularantennatowers.
NowconsiderthePKCS#1attack.PublicKeyCryptographyStandards(PKCS),usedinconjunctionwithRSAencryption,providestandardsforformattingthepaddingusedtogenerateacorrectlyformattedblocksize.Whentheclientreceivestheblock,itwillreplytothesenderastothevalidityoftheblock.Anattackertakesadvantageofthisbyattemptingtosendmultipleguessesatthepaddingtoforceapaddingerror.Invulnerableimplementations,whenRSAsignaturesandencryptionareperformedperPKCS#1,theRSAmessagescanbedecryptedwithapproximately220chosenciphertextqueries.AlertmessagesinWTLSaresometimessentinplaintextandarenotauthenticated.Thisfactcouldallowanattackertooverwriteanencryptedpacketfromtheactualsenderwithaplaintextalertmessage,leadingtopossibledisruptionoftheconnectionthrough,forinstance,atruncationattack.Someconcernovertheso-calledWAPgapinvolvesconfidentialityof
informationwherethetwodifferentnetworksmeet,theWAPgateway,asshowninFigure12.2.
•Figure12.2TheWAPgapshowsanunencryptedspacebetweentwoencipheredconnections.
WTLSactsasthesecurityprotocolfortheWAPnetwork,andTLSisthestandardfortheInternet,sotheWAPgatewayhastoperformtranslationfromoneencryptionstandardtotheother.ThistranslationforcesallmessagestobeseenbytheWAPgatewayinplaintext.Thisisaweakpointinthenetworkdesign,butfromanattacker’sperspective,it’samuchmoredifficulttargetthantheWTLSprotocolitself.ThreatstotheWAPgatewaycanbeminimizedthroughcarefulinfrastructuredesign,suchasselectingasecurephysicallocationandallowingonlyoutboundtrafficfromthegateway.Ariskofcompromisestillexists,however,andanattackerwouldfindaWAPgatewayanespeciallyappealingtarget,asplaintextmessagesareprocessedthroughitfromallwirelessdevices,notjustasingleuser.Thesolutionforthisistohaveend-to-endsecuritylayeredoveranythingunderlying,ineffectcreatingaVPNfromtheendpointtothemobiledevice,ortostandardizeonafullimplementation
ofTLSforend-to-endencryptionandstrongauthentication.Thelimitednatureofthedeviceshamperstheabilityofthesecurityprotocolstooperateasintended,compromisinganyrealsecuritytobeimplementedonWAPnetworks.
3GMobileNetworksOurcellphonesareoneofthemostvisibleindicatorsofadvancingtechnology.Withinrecentmemory,wewereforcedtoswitchfromoldanalogphonestodigitalmodels.Thenetworkshavebeenupgradedto3G,greatlyenhancingspeedandloweringlatency.Thishasreducedtheneedforlightweightprotocolstohandledatatransmission,andmorestandardprotocolssuchasIPcanbeused.Theincreasedpowerandmemoryofthehandhelddevicesalsoreducetheneedforlighter-weightencryptionprotocols.Thishascausedtheprotocolsusedfor3Gmobiledevicestobuildintheirownencryptionprotocols.Securitywillrelyontheselower-levelprotocolsorstandardapplication-levelsecurityprotocolsusedinnormalIPtraffic.Severalcompetingdatatransmissionstandardsexistfor3Gnetworks,
suchasHSPAandEVDO.However,allthestandardsincludetransportlayerencryptionprotocolstosecurethevoicetraffictravelingacrossthewirelesssignalaswellasthedatasentbythedevice.Thecryptographicstandardproposedfor3GisknownasKASUMI.ThismodifiedversionoftheMISTY1algorithmuses64-bitblocksand128-bitkeys.Multipleattackshavebeenlaunchedagainstthiscipher.Whiletheattackstendtobeimpractical,thisshowsthatapplicationlayersecurityisneededforsecuretransmissionofdataonmobiledevices.WAPandWTLScanbeusedoverthelower-levelprotocols,buttraditionalTLScanalsobeused.
3G,4G,LTE…What’stheDifference?Intoday’smobilemarketingcampaigns,wehearof3G,4G,andLTE.Whatdothesetermsmean?3Gisthe“old”networktoday,butitisstillverycapableforavarietyofpurposes.4Gphonesaresupposedtobeevenfaster,butthat’snotalwaysthecase.Alotdependsonwhatyouusethephonefor.Thereareseveraltechnologiescalled“4G,”eachwithmultipleimplementations.Thismakesthetermalmostmeaninglessfromatechnicalpointofview.The
InternationalTelecommunicationUnion(ITU),astandardsbody,issuedrequirementsthatanetworkneededtomeettobecalled“4G,”butthoserequirementswereignoredbycarriers.NowthemoveistoLTE,whichstandsforLongTermEvolutionoftheUniversalMobileTelecommunicationsSystem(UMTS).UMTSisthegroupofstandardsthatdefines3GforGSMnetworksacrosstheworld,andnowLTE.TherearenumeroustechnicalimplementationsofLTE,butoneofthekeyelementsistheuseoftwodifferenttypesofairinterfaces(radiolinks),onefordownlink(fromtowertodevice)andoneforuplink(fromdevicetotower).ThisisoneofthereasonsLTEismuchfasterwhenuploadinginformationfromthephonetotheInternet.LTEoffershighspeed(upto30Mbps)andlowlatency.ButnotallLTEisequal.Recenttestsindicateasmuchasanorderofmagnitudedifferenceinspeedsbetweencarriers.AsLTEexpands,newerversions,eachwithitsownsetofcharacteristicspickedfromthe
overall“standard,”aredeployedbycarriers.WhiletheLTE-Astandardhasbeenapproved,nocarrierscurrentlymeettheentirestandard.Eachcarrierhaspickedtheelementsofthestandardtheyfeelmeettheirneeds.Bottomline:4Ghasbecomeamarketingterm,andtheonlyguideonehasistouseactual
surveyresultsintheareaofyourservicetodeterminethebestsolutionforyouruserequirements.
4GMobileNetworksJustasthemobilenetworkcarrierswerefinishingtherolloutof3Gservices,4Gnetworksappearedonthehorizon.Thedesireforanywhere,anytimeInternetconnectivityatspeedsnearthatofawiredconnectiondrivesdeploymentofthesenext-generationservices.4Gcansupporthigh-qualityVoIPconnections,videocalls,andreal-timevideostreaming.Justas3Ghadsomeintermediariesthatwereconsidered2.9G,LTEandWiMAXnetworksaresometimesreferredtoas3.5G,3.75G,or3.9G.Thecarriersaremarketingthesenewnetworksas4G,althoughtheydonotadheretotheITUstandardsfor4Gspeeds.True4Gwouldrequireafirmtomeetallofthetechnicalstandards
issuedbytheITU,includingspecificationsthatapplytothetowersideofthesystem.Someofthe4Grequirementsare
Bebasedonanall-IPpacketswitchednetwork
Offerhighqualityofservicefornext-generationmultimediasupport
Smoothhandoversacrossheterogeneousnetworks
Peakdataratesofuptoapproximately100Mbpsforhighmobility(mobileaccess)
Peakdataratesofuptoapproximately1Gbpsforlowmobilitysuchasnomadic/localwirelessaccess
Dynamicallyshareandusethenetworkresourcestosupportmoresimultaneoususerspercell
Usescalablechannelbandwidthsof5–20MHz,optionallyupto40MHz
Peaklinkspectralefficiencyof15-bps/Hzinthedownlink,and6.75-bps/Hzintheuplink
Toachievetheseandothertechnicalelementsrequiresspecifictower-sideequipmentaswellashandsetspecifications.Differentcarriershavechosendifferentsetsofthesetoincludeintheirofferings,eachbuildingupontheirexistingnetworksandexistingtechnologies.Most4Gdeploymentsarecontinuationsoftechnologiesalready
deployed—justnewerevolutionsofstandards.ThisishowLTE,LTEAdvanced,WiMAX,andWiMAX2wereborn.LTEandWiMAXseriescomefromseparateroots,andarenotinterchangeable.Withinthefamilies,interoperabilityispossibleandisdependentuponcarrierimplementation.
BluetoothBluetoothwasoriginallydevelopedbyEricssonandknownasmulti-communicatorlink;in1998,Nokia,IBM,Intel,andToshibajoinedEricssonandadoptedtheBluetoothname.ThisconsortiumbecameknownastheBluetoothSpecialInterestGroup(SIG).TheSIGnowhasmorethan24,000membersanddrivesthedevelopmentofthetechnologyandcontrolsthespecificationtoensureinteroperability.
•Bluetoothicon
MostpeoplearefamiliarwithBluetoothasitispartofmanymobilephonesandheadsets,suchasthoseshowninFigure12.3.Thisshort-range,low-powerwirelessprotocoltransmitsinthe2.4GHzband,thesamebandusedfor802.11.Theconceptfortheshort-range(approx.32feet)wirelessprotocolistotransmitdatainpersonalareanetworks(PANs).
•Figure12.3HeadsetsandcellphonesaretwoofthemostpopulartypesofBluetooth-capabledevices.
Bluetoothtransmitsandreceivesdatafromavarietyofdevices,themostcommonbeingmobilephones,laptops,printers,andaudiodevices.ThemobilephonehasdrivenalotofBluetoothgrowthandhaseven
spreadBluetoothintonewcarsasamobilephonehands-freekit.Bluetoothhasgonethroughafewreleases.Version1.1wasthefirst
commerciallysuccessfulversion,withversion1.2releasedin2007andcorrectingsomeoftheproblemsfoundin1.1.Version1.2allowsspeedsupto721Kbpsandimprovesresistancetointerference.Version1.2isbackward-compatiblewithversion1.1.Withtherateofadvancementandthelifeofmosttechitems,Bluetooth1seriesisbasicallyextinct.Bluetooth2.0introducedenhanceddatarate(EDR),whichallowsthetransmissionofupto3.0Mbps.Bluetooth3.0hasthecapabilitytousean802.11channeltoachievespeedsupto24Mbps.ThecurrentversionistheBluetooth4.0standardwithsupportforthreemodes:classic,highspeed,andlowenergy.Bluetooth4introducesanewmethodtosupportcollectingdatafrom
devicesthatgeneratedataataverylowrate.Somedevices,suchasmedicaldevices,mayonlycollectandtransmitdataatlowrates.Thisfeature,calledLowEnergy(LE),wasdesignedtoaggregatedatafromvarioussensors,likeheartratemonitors,thermometers,andsoforth,andcarriesthecommercialnameBluetoothSmart.
TechTip
BluetoothSecurityBluetoothshouldalwayshavediscoverablemodeturnedoffunlessyou’redeliberatelypairingadevice.
AsBluetoothbecamepopular,peoplestartedtryingtofindholesinit.Bluetoothfeatureseasyconfigurationofdevicestoallowcommunication,withnoneedfornetworkaddressesorports.Bluetoothusespairingtoestablishatrustrelationshipbetweendevices.Toestablishthattrust,thedevicesadvertisecapabilitiesandrequireapasskey.Tohelpmaintainsecurity,mostdevicesrequirethepasskeytobeenteredintobothdevices;thispreventsadefaultpasskey–typeattack.TheBluetooth’sprotocol
advertisementofservicesandpairingpropertiesiswheresomeofthesecurityissuesstart.
TechTip
BluetoothDataRatesDifferentversionsofBluetoothhavedifferingmaximumdatatransferrates.
BluetoothAttacksAsawirelessmethodofcommunication,Bluetoothisopentoconnectionandattackfromoutsidetheintendedsenderandreceiver.SeveraldifferentattackmodeshavebeendiscoveredthatcanbeusedagainstBluetoothsystems.Bluejackingisatermusedforthesendingofunauthorizedmessagesto
anotherBluetoothdevice.Thisinvolvessettingamessageasaphonebookcontact:
ThentheattackersendsthemessagetothepossiblerecipientviaBluetooth.Originally,thisinvolvedsendingtextmessages,butmorerecentphonescansendimagesoraudioaswell.Apopularvariantofthisisthetransmissionof“shock”images,featuringdisturbingorcrudephotos.AsBluetoothisashort-rangeprotocol,theattackandvictimmustbewithinroughly10yardsofeachother.Thevictim’sphonemustalsohaveBluetoothenabledandmustbeindiscoverablemode.Onsomeearlyphones,thiswasthedefaultconfiguration,andwhileitmakesconnectingexternaldeviceseasier,italsoallowsattacksagainstthephone.IfBluetoothisturnedoff,orifthedeviceissettonondiscoverable,
bluejackingcanbeavoided.Bluesnarfingissimilartobluejackinginthatitusesthesamecontact
transmissionprotocol.Thedifferenceisthatinsteadofsendinganunsolicitedmessagetothevictim’sphone,theattackercopiesoffthevictim’sinformation,whichcanincludee-mails,contactlists,calendar,andanythingelsethatexistsonthatdevice.Morerecentphoneswithmediacapabilitiescanbesnarfedforprivatephotosandvideos.BluesnarfingusedtorequirealaptopwithaBluetoothadapter,makingitrelativelyeasytoidentifyapossibleattacker,butbluesnarfingapplicationsarenowavailableformobiledevices.Bloover,acombinationofBluetoothandHoover,isonesuchapplicationthatrunsasaJavaapplet.ThemajorityofBluetoothphonesneedtobediscoverableforthebluesnarfattacktowork,butitdoesnotnecessarilyneedtobepaired.Intheory,anattackercanalsobrute-forcethedevice’sunique48-bitname.AprogramcalledRedFangattemptstoperformthisbrute-forceattackbysendingallpossiblenamesandseeingwhatgetsaresponse.ThisapproachwasaddressedinBluetooth1.2withananonymitymode.Bluebuggingisafarmoreseriousattackthaneitherbluejackingor
bluesnarfing.Inbluebugging,theattackerusesBluetoothtoestablishaserialconnectiontothedevice.ThisallowsaccesstothefullATcommandset—GSMphonesuseATcommandssimilartoHayes-compatiblemodems.Thisconnectionallowsfullcontroloverthephone,includingthe
placingofcallstoanynumberwithoutthephoneowner’sknowledge.Fortunately,thisattackrequirespairingofthedevicestocomplete,andphonesinitiallyvulnerabletotheattackhaveupdatedfirmwaretocorrecttheproblem.Toaccomplishtheattacknow,thephoneownerwouldneedtosurrenderherphoneandallowanattackertophysicallyestablishtheconnection.BluetoothDOSistheuseofBluetoothtechnologytoperformadenial-
of-serviceattackagainstanotherdevice.Inthisattack,anattackerrepeatedlyrequestspairingwiththevictimdevice.Thistypeofattackdoesnotdivulgeinformationorpermitaccess,butisanuisance.And,more
importantly,ifdonerepeatedlyitcandrainadevice’sbattery,orpreventotheroperationsfromoccurringonthevictim’sdevice.AswithallBluetoothattacks,becauseoftheshortrangeinvolved,allonehastodoisleavetheareaandtheattackwouldcease.Bluetoothtechnologyislikelytogrowduetothepopularityofmobile
phones.Softwareandprotocolupdateshavehelpedtoimprovethesecurityoftheprotocol.AlmostallphonesnowkeepBluetoothturnedoffbydefault,andtheyallowyoutomakethephonediscoverableforonlyalimitedamountoftime.Usereducationaboutsecurityrisksisalsoalargefactorinavoidingsecuritybreaches.
NearFieldCommunicationNearfieldcommunication(NFC)isasetofwirelesstechnologiesthatenablessmartphonesandotherdevicestoestablishradiocommunicationoverashortproximity,typicallyadistanceof10cm(3.9in)orless.Thistechnologydidnotseemuchuseuntilrecentlywhenitstartedbeingemployedtomovedatabetweencellphonesandinmobilepaymentsystems.NFCislikelytobecomeahighusetechnologyintheyearstocomeasmultipleusesexistforthetechnology,andthenextgenerationofsmartphonesissurelytoseethisasastandardfunction.
IEEE802.11SeriesThe802.11bprotocolisanIEEEstandardratifiedin1999.Thestandardlaunchedarangeofproducts(suchaswirelessrouters,anexampleofwhichisshowninFigure12.4)thatwouldopenthewaytoawholenewgenreofpossibilitiesforattackersandanewseriesofheadachesforsecurityadministratorseverywhere.802.11wasanewstandardforsendingpacketizeddatatrafficoverradiowavesintheunlicensed2.4GHzband.
•Figure12.4Acommonwirelessrouter
ThisgroupofIEEEstandardsisalsocalledWi-Fi,whichisacertificationownedbyanindustrygroup,theWi-FiAlliance.AdevicemarkedasWi-FiCertifiedadherestothestandardsofthealliance.Astheproductsmaturedandbecameeasytouseandaffordable,securityexpertsbegantodeconstructthelimitedsecuritythathadbeenbuiltintothe
standard.The802.11bstandardwasthefirsttomarket,802.11afollowed,and
802.11gproductscurrentlyarethemostcommononesbeingsold.Thesechipsetshavealsocommonlybeencombinedintodevicesthatsupporta/b/gstandards.802.11nisthelateststandard.Thistableshowsthestandardswiththeirfrequencyranges.
802.11aisthewirelessnetworkingstandardthatsupportstrafficonthe5GHzband,allowingfasterspeedsovershorterranges.Featuresof802.11band802.11awerelaterjoinedtocreate802.11g,anupdatedstandardthatallowsthefasterspeedsofthe5GHzspecificationonthe2.4GHzband.Securityproblemswerediscoveredintheimplementationsoftheseearlywirelessstandards,principallyinvolvingtheWiredEquivalent
Privacy(WEP)protocol.Theseproblemsincludedanattacker’sabilitytobreakthecryptographyandmonitorotherusers’traffic.ThesecurityproblemsinWEPwereatopconcernuntiltheadoptionof802.11i-compliantproductsenhancedthesecuritywithWi-FiProtectedAccess(WPA),discussedlaterinthechapter.802.11acisthelateststandard;itfocusesonachievingmuchhigherspeedsforwirelessnetworks.Direct-sequencespreadspectrum(DSSS)isamodulationtypethatspreadsthetrafficsentovertheentirebandwidth.Itdoesthisbyinjectinganoise-likesignalintotheinformationstreamandtransmittingthenormallynarrowbandinformationoverthewiderbandavailable.Theprimaryreasonthatspread-spectrumtechnologyisusedin802.11protocolsistoavoidinterferenceonthepublic2.4GHzand5GHzbands.Orthogonalfrequencydivisionmultiplexing(OFDM)multiplexes,orseparates,thedatatobetransmittedintosmallerchunksandthentransmitsthechunksonseveralsubchannels.Thisuseofsubchannelsiswhatthe“frequencydivision”portionofthenamerefersto.Bothofthesetechniques,multiplexingandfrequencydivision,areusedtoavoidinterference.Orthogonalreferstothemannerinwhichthesubchannelsareassigned,principallytoavoidcrosstalk,orinterferencewithyourownchannels.
802.11:IndividualStandardsThe802.11bprotocolprovidesformultiple-rateEthernetover2.4GHzspread-spectrumwireless.Itprovidestransferratesof1Mbps,2Mbps,5.5Mbps,and11MbpsandusesDSSS.Themostcommonlayoutisapoint-to-multipointenvironment,withtheavailablebandwidthbeingsharedbyallusers.Typicalrangeisroughly100yardsindoorsand300yardsoutdoors,lineofsight.Whilethewirelesstransmissionsof802.11canpenetratesomewallsandotherobjects,thebestrangeisofferedwhenboththeaccesspointandnetworkclientdeviceshaveanunobstructedviewofeachother.802.11ausesahigherbandandhashigherbandwidth.Itoperatesinthe
5GHzspectrumusingOFDM.Supportingratesofupto54Mbps,itisthe
fasterbrotherof802.11b;however,thehigherfrequencyusedby802.11ashortenstheusablerangeofthedevicesandmakesitincompatiblewith802.11b.Thechipsetstendtobemoreexpensivefor802.11a,whichhasslowedadoptionofthestandard.The802.11gstandardusesportionsofbothoftheotherstandards:it
usesthe2.4GHzbandforgreaterrangebutusestheOFDMtransmissionmethodtoachievethefaster54Mbpsdatarates.Asitusesthe2.4GHzband,thisstandardinteroperateswiththeolder802.11bstandard.Thisallowsan802.11gaccesspoint(AP)togiveaccesstoboth“G”and“B”clients.The802.11nversionimprovesontheolderstandardsbygreatly
increasingspeed.Ithasafunctionaldatarateofupto600Mbps,gainedthroughtheuseofwiderbandsandmultiple-inputmultiple-output(MIMO)processing.MIMOusesmultipleantennasandcanbondseparatechannelstogethertoincreasedatathroughput.802.11acisthelatestinthe5GHzband,withfunctionaldataratesupto
atheoretical6+Gbpsusingmultipleantennas.The802.11acstandardwasratifiedin2014,andchipsetshavebeenavailablesincelate2011.Designedformultimediastreamingandotherhigh-bandwidthoperations,theindividualchannelsaretwicethewidthof802.11nchannels,andasmanyaseightantennascanbedeployedinaMu-MIMOform.802.11proposalsdon’tstopwith“ac”though.Thereareseveralideas
thatextendthe802.11standardfornewandinterestingapplications.Forexample,802.11sisaproposedstandardforwirelessmeshnetworkswhereallnodesonthenetworkareequalinsteadofusinganaccesspointandaclient.802.11pisanotherexample;itdefinesanapplicationwheremobilevehiclescancommunicatewithothervehiclesorroadsidestationsforsafetyinformationortollcollection.Alltheseprotocolsoperateinbandsthatare“unlicensed”bytheFCC.
ThismeansthatpeopleoperatingthisequipmentdonothavetobecertifiedbytheFCC,butitalsomeansthatthedevicescouldpossiblysharethebandwithotherdevices,suchascordlessphones,closed-circuitTV(CCTV)wirelesstransceivers,andothersimilarequipment.Thisother
equipmentcancauseinterferencewiththe802.11equipment,possiblycausingspeeddegradation.
The2.4GHzbandiscommonlyusedbymanyhouseholddevicesthatareconstantlyon,suchascordlessphones.Itisalsothefrequencyusedbymicrowaveovenstoheatfood.SoifyouarehavingintermittentinterferenceonyourWi-FiLAN,checktoseeifthemicrowaveison.
The802.11protocoldesignersexpectedsomesecurityconcernsandattemptedtobuildprovisionsintothe802.11protocolthatwouldensureadequatesecurity.The802.11standardincludesattemptsatrudimentaryauthenticationandconfidentialitycontrols.Authenticationishandledinitsmostbasicformbythe802.11AP,forcingtheclientstoperformahandshakewhenattemptingto“associate”totheAP.
SSIDscanbesettoanythingbythepersonsettingupanaccesspoint.So,while“FBISurveillanceVan#14”mayseemhumorous,whataboutSSIDswiththenameoftheairportyouarein,Starbucks,orthehotelyouarein?Canyoutrustthem?Sinceanyonecanuseanyname,theanswerisno.So,ifyouneedasecureconnection,youshouldusesomeformofsecurechannelsuchasaVPNforcommunicationsecurity.Forevenmoresecurity,youcancarryyourownaccesspointandcreateawirelesschannelthatyoucontrol.
AssociationistheprocessrequiredbeforetheAPwillallowtheclienttotalkacrosstheAPtothenetwork.Associationoccursonlyiftheclienthasallthecorrectparametersneededinthehandshake,amongthemtheservicesetidentifier(SSID).ThisSSIDsettingshouldlimitaccessonlytotheauthorizedusersofthewirelessnetwork.TheSSIDisaphrase-basedmechanismthathelpsensurethatyouareconnectingtothecorrectAP.ThisSSIDphraseistransmittedinalltheaccesspoint’sbeaconframes.Thebeaconframeisan802.11managementframeforthenetworkandcontainsseveraldifferentfields,suchasthetimestampandbeaconinterval,butmostimportantlytheSSID.Thisallowsattackersto
scanforthebeaconframeandretrievetheSSID.Thedesignersofthe802.11standardalsoattemptedtomaintain
confidentialitybyintroducingWiredEquivalentPrivacy(WEP),whichusestheRC4streamciphertoencryptthedataasitistransmittedthroughtheair.WEPhasbeenshowntohaveanimplementationproblemthatcanbeexploitedtobreaksecurity.Tounderstandallthe802.11securityproblems,youmustfirstlookat
someofthereasonsitbecamesuchaprominenttechnology.Wirelessnetworkscamealongin2000andbecameverypopular.Forthefirsttime,itwaspossibletohavealmostfull-speednetworkconnectionswithouthavingtobetieddowntoanEthernetcable.Thetechnologyquicklytookoff,allowingpricestodropintotheconsumerrange.Oncethemarketshiftedtofocusoncustomerswhowerenotnecessarilytechnologists,theproductsalsobecameveryeasytoinstallandoperate.Defaultsettingsweredesignedtogetthenoviceusersupandrunningwithouthavingtoalteranythingsubstantial,andproductsweredescribedasbeingabletojustpluginandwork.Thesedevelopmentsfurtherenlargedthemarketforthelow-cost,easy-to-usewirelessaccesspoints.ThenattackersrealizedthatinsteadofattackingmachinesovertheInternet,theycoulddrivearoundandseekouttheseAPs.Typically,accesstoactualEthernetsegmentsisprotectedbyphysical
securitymeasures.Thisstructureallowssecurityadministratorstoplanforonlyinternalthreatstothenetworkandgivesthemaclearideaofthetypesandnumberofmachinesconnectedtoit.Wirelessnetworkingtakesthekeystothekingdomandtossesthemoutthewindowandintotheparkinglot.Atypicalwirelessinstallationbroadcaststhenetworkrightthroughthephysicalcontrolsthatareinplace.AnattackercandriveupandhavethesameaccessasifhepluggedintoanEthernetjackinsidethebuilding—infact,betteraccess,because802.11isasharedmedium,allowingsnifferstoviewallpacketsbeingsenttoorfromtheAPandallclients.TheseAPsarealsotypicallybehindanysecuritymeasuresthecompanieshaveinplace,suchasfirewallsandintrusiondetectionsystems(IDSs).Thiskindofaccessintotheinternalnetworkhascausedalargestiramongcomputer
securityprofessionalsandeventuallythemedia.War-driving,war-flying,war-walking,war-chalking—allofthesetermshavebeenusedinsecurityarticleaftersecurityarticletodescribeattacksonwirelessnetworks.
CrossCheckIntrusionDetectionSystemsChapter13hasalotmoreinformationaboutintrusiondetectionsystems,whereasthischapterreferencesmethodsofgettingpasttheIDSs.WhenyoulearnmoreaboutthedifferentIDSs,howwouldyoudesignanIDSthatcancatchwirelessattackers?
Attacking802.11Wirelessisapopulartargetforseveralreasons:theaccessgainedfromwireless,thelackofdefaultsecurity,andthewideproliferationofdevices.However,otherreasonsalsomakeitattackable.Thefirstoftheseisanonymity:Anattackercanprobeyourbuildingforwirelessaccessfromthestreet.ThenhecanlogpacketstoandfromtheAPwithoutgivinganyindicationthatanattemptedintrusionistakingplace.TheattackerwillannouncehispresenceonlyifheattemptstoassociatetotheAP.Eventhen,anattemptedassociationisrecordedonlybytheMACaddressofthewirelesscardassociatingtoit,andmostAPsdonothavealertingfunctionalitytoindicatewhenusersassociatetoit.Thisfactgivesadministratorsaverylimitedviewofwhoisgainingaccesstothenetwork,iftheyareevenpayingattentionatall.Itgivesattackerstheabilitytoseekoutandcompromisewirelessnetworkswithrelativeimpunity.Thesecondreasonisthelowcostoftheequipmentneeded.Asingle
wirelessaccesscardcostinglessthan$100cangiveaccesstoanyunsecuredAPwithindrivingrange.Finally,attackingawirelessnetworkisrelativelyeasycomparedtoattackingothertargethosts.Windows-basedtoolsforlocatingandsniffingwireless-basednetworkshaveturnedanyonewhocandownloadfilesfromtheInternetandhasawirelesscardintoapotentialattacker.
Locatingwirelessnetworkswasoriginallytermedwar-driving,anadaptationofthetermwar-dialing.War-dialingcomesfromthe1983movieWarGames;itistheprocessofdialingalistofphonenumberslookingformodem-connectedcomputers.War-driversdrivearoundwithawirelesslocaterprogramrecordingthenumberofnetworksfoundandtheirlocations.Thistermhasevolvedalongwithwar-flyingandwar-walking,whichmeanexactlywhatyouexpect.War-chalkingstartedwithpeopleusingchalkonsidewalkstomarksomeofthewirelessnetworkstheyfound.
Anonymityalsoworksinanotherway;onceanattackerfindsanunsecuredAPwithwirelessaccess,theycanuseanessentiallyuntraceableIPaddresstoattemptattacksonotherInternethosts.
Themostcommontoolsforanattackertousearereception-basedprogramsthatlistentothebeaconframesoutputbyotherwirelessdevices,andprogramsthatpromiscuouslycapturealltraffic.ThemostwidelyusedoftheseprogramsiscalledNetStumbler,createdbyMariusMilnerandshowninFigure12.5.ThisprogramlistensforthebeaconframesofAPsthatarewithinrangeofthecardattachedtotheNetStumblercomputer.Whenitreceivestheframes,itlogsallavailableinformationabouttheAPforlateranalysis.Sinceitlistensonlytobeaconframes,NetStumblerdisplaysonlynetworksthathavetheSSIDbroadcastturnedon.IfthecomputerhasaGPSunitattachedtoit,theprogramalsologstheAP’scoordinates.ThisinformationcanbeusedtoreturntotheAPortoplotmapsofAPsinacity.
•Figure12.5NetStumbleronaWindowsPC
NetStumblerisaWindows-basedapplication,butprogramsforotheroperatingsystemssuchasOSX,BSD,Linux,andothersworkonthesameprinciple.
ExamTip:Becausewirelessantennascantransmitoutsideafacility,thepropertuningandplacementoftheseantennascanbecrucialforsecurity.Adjustingradiatedpowerthroughthesepower-levelcontrolswillassistinkeepingwirelesssignalsfrombeingbroadcastoutsideareas
underphysicalaccesscontrol.
Onceanattackerhaslocatedanetwork,andassumingthathecannotdirectlyconnectandstartactivescanningandpenetrationofthenetwork,hewillusethebestattacktoolthereis:anetworksniffer.Thenetworksniffer,whencombinedwithawirelessnetworkcarditcansupport,isapowerfulattacktool,asthesharedmediumofawirelessnetworkexposesallpacketstointerceptionandlogging.PopularwirelesssniffersareWireshark(formerlyEthereal)andKismet.RegularsniffersusedonwiredEthernethavealsobeenupdatedtoincludesupportforwireless.SniffersarealsoimportantbecausetheyallowyoutoretrievetheMACaddressesofthenodesofthenetwork.APscanbeconfiguredtoallowaccessonlytoprespecifiedMACaddresses,andanattackerspoofingtheMACcanbypassthisfeature.Therearespecializedsniffertoolsdesignedwithasingleobjective:to
crackWiredEquivalentPrivacy(WEP)keys.Asdescribedearlier,WEPisanencryptionprotocolthat802.11usestoattempttoensureconfidentialityofwirelesscommunications.Unfortunately,ithasturnedouttohaveseveralproblems.WEP’sweaknessesarespecificallytargetedforattackbythespecializedsnifferprograms.Theyworkbyexploitingweakinitializationvectorsintheencryptionalgorithm.Toexploitthisweakness,anattackerneedsacertainnumberofciphertextpackets;oncehehascapturedenoughpackets,however,theprogramcanveryquicklydeciphertheencryptionkeybeingused.WEPCrackwasthefirstavailableprogramtousethisflawtocrackWEPkeys;however,WEPCrackdependsonadumpofactualnetworkpacketsfromanothersnifferprogram.AirSnortisastandaloneprogramthatcapturesitsownpackets;onceithascapturedenoughciphertext,itprovidestheWEPkeyofthenetwork.
TechTip
IVAttackBecauseofthesmalllengthoftheinitializationvector(IV)inWEP,theprotectionissubject
toattackovertimebyexaminingpacketsanddeterminingwhentheIV+RC4keyrepeats,enablingthedefeatoftheprotection.
Localusersofthenetworkaresusceptibletohavingtheirentiretrafficdecodedandanalyzed.Apropersitesurveyisanimportantstepinsecuringawirelessnetworktoavoidsendingcriticaldatabeyondcompanywalls.Recurringsitesurveysareimportantbecausewirelesstechnologyischeapandtypicallycomesunsecuredinitsdefaultconfiguration.IfanyoneattachesawirelessAPtoyournetwork,youwanttoknowaboutitimmediately.
TechTip
AnotherMeaningofRogueAccessPointA“rogueaccesspoint”canalsorefertoanattacker’saccesspoint,setupasamaninthemiddletocapturelogininformationfromunsuspectingusers.
Ifunauthorizedwirelessissetup,itisknownasarogueaccesspoint.Rogueaccesspointscanbesetupbywell-meaningemployeesorhiddenbyanattackerwithphysicalaccess.Anattackermightsetuparogueaccesspointiftheyhavealimitedamountofphysicalaccesstoanorganization,perhapsbysneakingintothebuildingbriefly.TheattackercanthensetupanAPonthenetworkand,byplacingitbehindtheexternalfirewallornetworkIDS(NIDS)typeofsecuritymeasures,canattachtothewirelessatalaterdateattheirleisure.Thisapproachreducestheriskofgettingcaughtbyphysicalsecuritystaff,andiftheAPisfound,itdoesnotpointdirectlybacktoanykindoftraceableaddress.Anothertypeof802.11attackisknownastheeviltwinattack.Thisis
theuseofanaccesspointownedbyanattackerthatusuallyhasbeenenhancedwithhigher-powerandhigher-gainantennastolooklikeabetterconnectiontotheusersandcomputersattachingtoit.Bygettinguserstoconnectthroughtheevilaccesspoint,attackerscanmoreeasilyanalyze
trafficandperformman-in-the-middle−typeattacks.Forsimpledenialofservice,anattackercoulduseinterferencetojamthewirelesssignal,notallowinganycomputertoconnecttotheaccesspointsuccessfully.
CrossCheckIdentifyingRogueAccessPointsInChapter8youlearnedabouthowphysicalsecuritycanimpactinformationsecurity,andhowseveraldifferentdevicescanactasawirelessbridgeandbearogueaccesspoint.Canyouthinkofsomephysicalsecuritypoliciesthatcanhelpreducetheriskofrogueaccesspoints?Whataboutsomeinformationsecuritypolicies?
802.11networkshavetwofeaturesusedprimarilyforsecurity:oneisdesignedsolelyforauthentication,andtheotherisdesignedforauthenticationandconfidentiality.Partoftheauthenticationfunction,introducedearlier,isknownastheservicesetidentifier(SSID).Thisunique32-octetidentifierisattachedtotheheaderofthepacket.TheSSIDisbroadcastbydefaultasanetworkname,butbroadcastingofthisbeaconframecanbedisabled.UserscanauthenticatetoanetworkregardlessofwhethertheSSIDisbroadcastornot,buttheydoneedtoknowtheSSIDtoconnect.ManyAPsalsouseadefaultSSID;forCiscoAPs,thisdefaultis
tsunami,whichmayindicateanAPthathasnotbeenconfiguredforanysecurity.RenamingtheSSIDanddisablingSSIDbroadcastarebothgoodideas;however,becausetheSSIDispartofeveryframe,thesemeasuresshouldnotbeconsideredadequatetosecurethenetwork.AstheSSIDis,hopefully,auniqueidentifier,onlypeoplewhoknowtheidentifierwillbeabletocompleteassociationtotheAP.WhiletheSSIDisagoodideaintheory,itissentinplaintextinthepackets,soinpracticeSSIDofferslittlesecuritysignificance—anysniffercandeterminetheSSID.ThisweaknessismagnifiedbymostAPs’defaultsettingstotransmit
beaconframes.Thebeaconframe’spurposeistoannouncethewirelessnetwork’spresenceandcapabilitiessothatWLANcardscanattemptto
associatetoit.ThiscanbedisabledinsoftwareformanyAPs,especiallythemoresophisticatedones.Fromasecurityperspective,thebeaconframeisdamagingbecauseitcontainstheSSID,andthisbeaconframeistransmittedatasetinterval(tentimespersecondbydefault).SinceadefaultAPwithoutanyothertrafficissendingoutitsSSIDinplaintexttentimesasecond,youcanseewhytheSSIDdoesnotprovidetrueauthentication.ScanningprogramssuchasNetStumblerworkbycapturingthebeaconframesandtherebytheSSIDsofallAPs.
ExamTip:MACfilteringcanbeemployedonWAPsbutcanbebypassedbyattackersobservingallowedMACaddressesandspoofingtheallowedMACaddressforthewirelesscard.
MostAPsalsohavetheabilitytolockaccessinonlytoknownMACaddresses,providingalimitedauthenticationcapability.Givensniffers’capacitytograballactiveMACaddressesonthenetwork,thiscapabilityisnotveryeffective.AnattackersimplyconfigureshiswirelesscardstoaknowngoodMACaddress.WEPencryptsthedatatravelingacrossthenetworkwithanRC4stream
cipher,attemptingtoensureconfidentiality.Thissynchronousmethodofencryptionensuressomemethodofauthentication.ThesystemdependsontheclientandtheAPhavingasharedsecretkey,ensuringthatonlyauthorizedpeoplewiththeproperkeyhaveaccesstothewirelessnetwork.WEPsupportstwokeylengths,40and104bits,thoughthesearemoretypicallyreferredtoas64and128bits,because24bitsoftheoverallkeylengthareusedfortheinitializationvector(IV).In802.11aand802.11g,manufacturershaveextendedthisto152-bitWEPkeys,againwith24bitsbeingusedfortheIV.
TechTip
WEPIsn’tEquivalentWEPshouldnotbetrustedalonetoprovideconfidentiality.IfWEPistheonlyprotocolsupportedbyyourAP,placeitoutsidethecorporatefirewallandVPNtoaddmoreprotection.
TheIVistheprimaryreasonfortheweaknessesinWEP.TheIVissentintheplaintextpartofthemessage,andbecausethetotalkeyspaceisapproximately16millionkeys,thesamekeywillbereused.Oncethekeyhasbeenrepeated,anattackerhastwociphertextsencryptedwiththesamekeystream.Thisallowstheattackertoexaminetheciphertextandretrievethekey.ThisattackcanbeimprovedbyexaminingonlypacketsthathaveweakIVs,reducingthenumberofpacketsneededtocrackthekey.UsingonlyweakIVpackets,thenumberofrequiredcapturedpacketsisreducedtoaroundfourorfivemillion,whichcantakeonlyafewhourstocaptureonafairlybusyAP.Forapointofreference,thismeansthatequipmentwithanadvertisedWEPkeyof128bitscanbecrackedinlessthanaday,whereastocrackanormal128-bitkeywouldtakeroughly2,000,000,000,000,000,000yearsonacomputerabletoattemptonetrillionkeysasecond.Asmentioned,AirSnortisamodifiedsniffingprogramthattakesadvantageofthisweaknesstoretrievetheWEPkeys.ThebiggestweaknessofWEPisthattheIVproblemexistsregardless
ofkeylength,becausetheIValwaysremainsat24bits.Afterthelimitedsecurityfunctionsofawirelessnetworkarebroken,the
networkbehavesexactlylikearegularEthernetnetworkandissubjecttotheexactsamevulnerabilities.Thehostmachinesthatareonorattachedtothewirelessnetworkareasvulnerableasiftheyandtheattackerwerephysicallyconnected.Beingonthenetworkopensupallmachinestovulnerabilityscanners,Trojanhorseprograms,virusandwormprograms,andtrafficinterceptionviasnifferprograms.Anyunpatchedvulnerabilityonanymachineaccessiblefromthewirelesssegmentisnowopentocompromise.
CurrentSecurityMethods
WEPwasdesignedtoprovidesomemeasureofconfidentialityonan802.11networksimilartowhatisfoundonawirednetwork,butthathasnotbeenthecase.Accordingly,theWi-FiAlliancedevelopedWi-FiProtectedAccess(WPA)toimproveuponWEP.The802.11istandardistheIEEEstandardforsecurityinwirelessnetworks,alsoknownasWi-FiProtectedAccess2(WPA2).Ituses802.1Xtoprovideauthentication.WPA2canuseAdvancedEncryptionStandard(AES)astheencryptionprotocol.The802.11istandardspecifiestheuseoftheTemporalKeyIntegrityProtocol(TKIP)andusesAESwiththeCounterModewithCBC-MACProtocol(infull,theCounterModewithCipherBlockChaining–MessageAuthenticationCodesProtocol,orsimplyCCMP).Thesetwoprotocolshavedifferentfunctions,buttheybothservetoenhancesecurity.TKIPworksbyusingasharedsecretcombinedwiththecard’sMAC
addresstogenerateanewkey,whichismixedwiththeIVtomakeper-packetkeysthatencryptasinglepacketusingthesameRC4cipherusedbytraditionalWEP.ThisovercomestheWEPkeyweakness,asakeyisusedononlyonepacket.Theotheradvantagetothismethodisthatitcanberetrofittedtocurrenthardwarewithonlyasoftwarechange,unlikeAESand802.1X.CCMPisactuallythemodeinwhichtheAEScipherisusedtoprovidemessageintegrity.UnlikeTKIP,CCMPrequiresnewhardwaretoperformtheAESencryption.Theadvancesof802.11ihavecorrectedtheweaknessesofWEP.
WPAThefirststandardtobeusedinthemarkettoreplaceWEPwasWi-FiProtectedAccess(WPA).ThisstandardusestheflawedWEPalgorithmwiththeTemporalKeyIntegrityProtocol(TKIP).WhileWEPusesa40-bitor104-bitencryptionkeythatmustbe
manuallyenteredonwirelessaccesspointsanddevicesanddoesnotchange,TKIPemploysaper-packetkey,generatinganew128-bitkeyforeachpacket.Thiscangenerallybeaccomplishedwithonlyafirmwareupdate,enablingasimplesolutiontothetypesofattacksthatcompromise
WEP.
TKIPTemporalKeyIntegrityProtocol(TKIP)wascreatedasastopgapsecuritymeasuretoreplacetheWEPprotocolwithoutrequiringthereplacementoflegacyhardware.ThebreakingofWEPhadleftWi-Finetworkswithoutviablelink-layersecurity,andasolutionwasrequiredforalreadydeployedhardware.TKIPworksbymixingasecretrootkeywiththeIVbeforetheRC4encryption.WPA/TKIPusesthesameunderlyingmechanismasWEP,andconsequentlyisvulnerabletoanumberofsimilarattacks.TKIPisnolongerconsideredsecureandhasbeendeprecatedwiththereleaseofWPA2.
WPA2IEEE802.11iisthestandardforsecurityinwirelessnetworksandisalsoknownasWi-FiProtectedAccess2(WPA2).Ituses802.1xtoprovideauthenticationandusestheAdvancedEncryptionStandard(AES)astheencryptionprotocol.WPA2usestheAESblockcipher,asignificantimprovementoverWEP’sandWPA’suseoftheRC4streamcipher.The802.11istandardspecifiestheuseoftheCounterModewithCBC-MACProtocol(infull,theCounterModewithCipherBlockChaining–MessageAuthenticationCodesProtocol,orsimplyCCMP).
WPSWi-FiProtectedSetup(WPS)isanetworksecuritystandardthatwascreatedtoprovideuserswithaneasymethodofconfiguringwirelessnetworks.Designedforhomenetworksandsmallbusinessnetworks,thisstandardinvolvestheuseofaneight-digitPINtoconfigurewirelessdevices.WPSconsistsofaseriesofExtensibleAuthenticationProtocol(EAP)messagesandhasbeenshowntobesusceptibletoabrute-forceattack.AsuccessfulattackcanrevealthePINandsubsequentlytheWPA/WPA2passphraseandallowunauthorizedpartiestogainaccessto
thenetwork.Currently,theonlyeffectivemitigationistodisableWPS.
SettingUpWPA2IfWPSisnotsafeforuse,howdoesonesetupWPA2?TosetupWPA2,youneedtohaveseveralparameters.Figure12.6showsthescreensforaWPA2setupinWindows7.
•Figure12.6WPA2setupoptionsinWindows7
Thefirstelementistochooseasecurityframework.Whenconfiguringanadaptertoconnecttoanexistingnetwork,youneedtomatchthechoiceofthenetwork.Whensettingupyourownnetwork,youcanchoosewhicheveroptionyouprefer.Therearemanyselections,butforsecuritypurposes,youshouldchooseWPA2-PersonalorWPA2-Enterprise.Bothoftheserequirethechoiceofanencryptiontype,eitherTKIPorAES.TKIPhasbeendeprecated,sochooseAES.Thelastelementisthechoiceofthenetworksecuritykey—thesecretthatissharedbyallusers.WPA2-Enterprise,whichisdesignedtobeusedwithan802.1xauthenticationserverthatdistributesdifferentkeystoeachuser,istypicallyusedinbusinessenvironments.
EAPExtensibleAuthenticationProtocol(EAP)isdefinedinRFC2284(obsoletedby3748).EAP-TLSreliesonTransportLayerSecurity(TLS),anattempttostandardizetheSSLstructuretopasscredentials.EAP-TTLS(theacronymstandsforEAP–TunneledTLSprotocol)isavariantoftheEAP-TLSprotocol.EAP-TTLSworksmuchthesamewayasEAP-TLS,withtheserverauthenticatingtotheclientwithacertificate,buttheprotocoltunnelstheclientsideoftheauthentication,allowingtheuseoflegacyauthenticationprotocolssuchasPasswordAuthenticationProtocol(PAP),Challenge-HandshakeAuthenticationProtocol(CHAP),MS-CHAP,orMS-CHAP-V2.
LEAPCiscodesignedaproprietaryEAPknownasLightweightExtensibleAuthenticationProtocol(LEAP);however,thisisbeingphasedoutfornewerprotocolssuchasPEAPorEAP-TLS.Susceptibletoofflinepasswordguessing,andwithtoolsavailablethatactivelybreakLEAPsecurity,thisprotocolhasbeendeprecatedinfavorofstrongermethodsof
EAP.
PEAPPEAP,orProtectedEAP,wasdevelopedtoprotecttheEAPcommunicationbyencapsulatingitwithTLS.ThisisanopenstandarddevelopedjointlybyCisco,Microsoft,andRSA.EAPwasdesignedassumingasecurecommunicationchannel.PEAPprovidesthatprotectionaspartoftheprotocolviaaTLStunnel.PEAPiswidelysupportedbyvendorsforuseoverwirelessnetworks.
Implementing802.1XTheIEEE802.1XprotocolcansupportawidevarietyofauthenticationmethodsandalsofitswellintoexistingauthenticationsystemssuchasRADIUSandLDAP.Thisallows802.1XtointeroperatewellwithothersystemssuchasVPNsanddial-upRAS.Unlikeotherauthenticationmethods,suchasthePoint-to-PointProtocoloverEthernet(PPPoE),802.1Xdoesnotuseencapsulation,sothenetworkoverheadismuchlower.Unfortunately,theprotocolisjustaframeworkforprovidingimplementation,sonospecificsguaranteestrongauthenticationorkeymanagement.Implementationsoftheprotocolvaryfromvendortovendorinmethodofimplementationandstrengthofsecurity,especiallywhenitcomestothedifficulttestofwirelesssecurity.Threecommonmethodsareusedtoimplement802.1X:EAP-TLS,
EAP-TTLS,andEAP-MD5.EAP-TLSreliesonTLS,anattempttostandardizetheSSLstructuretopasscredentials.Thestandard,developedbyMicrosoft,usesX.509certificatesandoffersdynamicWEPkeygeneration.Thismeansthattheorganizationmusthavetheabilitytosupportthepublickeyinfrastructure(PKI)intheformofX.509digitalcertificates.Also,per-user,per-sessiondynamicallygeneratedWEPkeyshelppreventanyonefromcrackingtheWEPkeysinuse,aseachuserindividuallyhasherownWEPkey.EvenifauserwereloggedontotheAPandtransmittedenoughtraffictoallowcrackingoftheWEPkey,accesswouldbegainedonlytothatuser’straffic.Nootheruser’sdata
wouldbecompromised,andtheattackercouldnotusetheWEPkeytoconnecttotheAP.ThisstandardauthenticatestheclienttotheAP,butitalsoauthenticatestheAPtotheclient,helpingtoavoidman-in-the-middleattacks.ThemainproblemwiththeEAP-TLSprotocolisthatitisdesignedtoworkonlywithMicrosoft’sActiveDirectoryandCertificateServices;itwillnottakecertificatesfromothercertificateissuers.Thusamixedenvironmentwouldhaveimplementationproblems.Asdiscussedearlier,EAP-TTLSworksmuchthesamewayasEAP-
TLS,withtheserverauthenticatingtotheclientwithacertificate,buttheprotocoltunnelstheclientsideoftheauthentication,allowingtheuseoflegacyauthenticationprotocolssuchasPasswordAuthenticationProtocol(PAP),Challenge-HandshakeAuthenticationProtocol(CHAP),MS-CHAP,orMS-CHAP-V2.ThismakestheprotocolmoreversatilewhilestillsupportingtheenhancedsecurityfeaturessuchasdynamicWEPkeyassignment.EAP-MD5,whileitdoesimprovetheauthenticationoftheclienttothe
AP,doeslittleelsetoimprovethesecurityofyourAP.TheprotocolworksbyusingtheMD5encryptionprotocoltohashauser’susernameandpassword.Thisprotocol,unfortunately,providesnowayfortheAPtoauthenticatewiththeclient,anditdoesnotprovidefordynamicWEPkeyassignment.Inthewirelessenvironment,withoutstrongtwo-wayauthentication,itisveryeasyforanattackertoperformaman-in-the-middleattack.Normally,thesetypesofattacksaredifficulttoperform,requiringatrafficredirectofsomekind,butwirelesschangesallthoserules.BysettinguparogueAP,anattackercanattempttogetclientstoconnecttoitasifitwereauthorizedandthensimplyauthenticatetotherealAP,asimplewaytohaveaccesstothenetworkandtheclient’scredentials.TheproblemofnotdynamicallygeneratingWEPkeysisthatitsimplyopensupthenetworktothesamelackofconfidentialitytowhichanormalAPisvulnerable.AnattackerhastowaitonlyforenoughtraffictocracktheWEPkey,andhecanthenobservealltrafficpassingthroughthenetwork.BecausethesecurityofwirelessLANshasbeensoproblematic,many
usershavesimplyswitchedtoalayeredsecurityapproach—thatis,theyhavemovedtheirAPstountrustworthyportionsofthenetworkandhaveforcedallclientstoauthenticatethroughthefirewalltoathird-partyVPNsystem.TheadditionalsecuritycomesatapriceofputtingmoreloadonthefirewallandVPNinfrastructureandpossiblyaddingcumbersomesoftwaretotheusers’devices.Whilewirelesscanbesetupinaverysecuremannerinthisfashion,itcanalsobesetuppoorly.Somesystemslackstrongauthenticationofbothendpoints,leadingtopossibilitiesofaman-in-the-middleattack.Also,eventhoughthedataistunneledthrough,IPaddressesarestillsentintheclear,givinganattackerinformationaboutwhatandwhereyourVPNendpointis.Anotherphenomenonofwirelessisborneoutofitswideavailability
andlowprice.AllthesecuritymeasuresofthewiredandwirelessnetworkcanbedefeatedbytherogueAP.Thisisthethirdpossibletypeofrogueaccesspointdiscussedinthischapter;theyallsharethesamenameastheyallrepresentasecuritybreach.However,sincetheyareimplementedwithdifferentmotivesandaccordinglyposeslightlydifferentthreats,wediscussthemallseparately.Inthiscase,awell-intentionedemployeewhoistryingtomaketheworkenvironmentmoreconvenientpurchasesanAPatalocalretailerandinstallsit.Wheninstalled,itworksfine,butittypicallywillhavenosecurityinstalled.SincetheITdepartmentdoesn’tknowaboutit,itisanuncontrolledentrypointintothenetwork.NomatterwhatkindofrogueAPwearedealingwith,therogueAP
mustbedetectedandcontrolled.ThemostcommonwaytocontrolrogueAPsissomeformofwirelessscanningtoensureonlylegitimatewirelessisinplaceatanorganization.WhilecompletewirelessIDSswilldetectAPs,thiscanalsobedonewithalaptopandfreesoftware.
TryThis!ScanningforRogueWirelessOnceyouhavecompletedLabProject12.1andhaveNetStumblerorKismetinstalledonthecomputer,takeittoseverallocationsaroundyourworkplaceorschoolandattempttoscanfor
wirelessaccesspointsthatshouldnotbethere.
CCMPAspreviouslymentionedinthediscussionofWPA2,CCMPstandsforCounterModewithCipherBlockChaining–MessageAuthenticationCodesProtocol(orCounterModewithCBC-MACProtocol).CCMPisadataencapsulationencryptionmechanismdesignedforwirelessuse.CCMPisactuallythemodeinwhichtheAEScipherisusedtoprovidemessageintegrity.UnlikeWPA,CCMPrequiresnewhardwaretoperformtheAESencryption.
MACFilteringMACfilteringistheselectiveadmissionofpacketsbasedonalistofapprovedMediaAccessControl(MAC)addresses.Employedonswitches,thismethodisusedtoprovideameansofmachineauthentication.Inwirednetworks,thisenjoystheprotectionaffordedbythewires,makinginterceptionofsignalstodeterminetheirMACaddressesdifficult.Inwirelessnetworks,thissamemechanismsuffersfromthefactthatanattackercanseetheMACaddressesofalltraffictoandfromtheaccesspoint,andthencanspooftheMACaddressesthatarepermittedtocommunicateviatheaccesspoint.
ExamTip:MACfilteringcanbeemployedonwirelessaccesspoints,butcanbebypassedbyattackersobservingallowedMACaddressesandspoofingtheallowedMACaddressforthewirelesscard.
WirelessSystemsConfigurationWirelesssystemsaremorethanjustprotocols.Puttingupafunctional
wirelesssysteminahouseisaseasyasplugginginawirelessaccesspointandconnecting.Butinanenterprise,wheremultipleaccesspointswillbeneeded,theconfigurationtakessignificantlymorework.Sitesurveysareneededtodetermineproperaccesspointandantennaplacement,aswellaschannelsandpowerlevels.
AntennaTypesThestandardaccesspointisequippedwithanomnidirectionalantenna.Omnidirectionalantennasoperateinalldirections,makingtherelativeorientationbetweendeviceslessimportant.Omnidirectionalantennascoverthegreatestareaperantenna.Theweaknessoccursincornersandhard-to-reachareas,aswellasboundariesofafacilitywheredirectionalantennasareneededtocompletecoverage.Figure12.7showsasamplingofcommonWi-Fiantennas:(a)isacommonhomewirelessrouter,(b)isacommercialindoorwirelessaccesspoint,and(c)isanoutdoordirectionalantenna.Thesecanbevisibleasshown,orhiddenaboveceilingtiles.
•Figure12.7Wirelessaccesspointantennas
WirelessnetworkingproblemscausedbyweaksignalstrengthcansometimesbesolvedbyinstallingupgradedWi-Firadioantennasontheaccesspoints.Onbusinessnetworks,thecomplexityofmultipleaccesspointstypicallyrequiresacomprehensivesitesurveytomaptheWi-Fi
signalstrengthinandaroundofficebuildings.Additionalwirelessaccesspointscanthenbestrategicallyplacedwhereneededtoresolvedeadspotsincoverage.Forsmallbusinessesandhomes,whereasingleaccesspointmaybeallthatisneeded,anantennaupgrademaybeasimplerandmorecost-effectiveoptiontofixWi-Fisignalproblems.TwocommonformsofupgradedantennasaretheYagiantennaandthe
panelantenna.AnexampleofaYagiantennaisshowninFigure12.7(c).BothYagiandpanelantennasaredirectionalinnature,spreadingtheRFenergyinamorelimitedfield,increasingeffectiverangeinonedirectionwhilelimitingitinothers.Panelantennascanprovidesolidroomperformancewhilepreventingsignalbleedbehindtheantennas.Thisworkswellontheedgeofasite,limitingthestrayemissionsthatcouldbecapturedoffsite.Yagiantennasactmorelikearifle,funnelingtheenergyalongabeam.Thisallowsmuchlongercommunicationdistancesusingstandardpower.Thisalsoenableseavesdropperstocapturesignalsfrommuchgreaterdistancesbecauseofthegainprovidedbytheantennaitself.
AntennaPlacementWi-Fiisbynaturearadio-basedmethodofcommunication,andassuchusesantennastotransmitandreceivethesignals.Theactualdesignandplacementoftheantennascanhaveasignificanteffectontheusabilityoftheradiofrequency(RF)mediumforcarryingthetraffic.Antennascomeinavarietyoftypes,eachwithitsowntransmissionpatternandgainfactor.High-gainantennascandealwithweakersignals,butalsohavemore-limitedcoverage.Wide-coverage,omnidirectionalantennascancoverwiderareas,butatlowerlevelsofgain.Theobjectiveofantennaplacementistomaximizethecoverageoveraphysicalareaandreducelow-gainareas.Thiscanbeverycomplexinbuildingswithwalls,electricalinterference,andothersourcesofinterferenceandfrequentlyrequiresasitesurveytodetermineproperplacement.
ExamTip:Becausewirelessantennascantransmitoutsideafacility,tuningandplacementofantennascanbecrucialforsecurity.Adjustingradiatedpowerthroughthepowerlevelcontrolswillassistinkeepingwirelesssignalsfrombeingbroadcastoutsideareasunderphysicalaccesscontrol.
MIMOMIMOisasetofmultiple-inputandmultiple-outputantennatechnologieswheretheavailableantennasarespreadoveramultitudeofindependentaccesspointseachhavingoneormultipleantennas.Thiscanenhancetheusablebandwidthanddatatransmissioncapacitybetweentheaccesspointanduser.ThereareawidevarietyofMIMOmethods,andthistechnology,onceconsideredcuttingedgeoradvanced,isbecomingmainstream.
PowerLevelControlsWi-Fipowerlevelscanbecontrolledbythehardwareforavarietyofreasons.Thelowerthepowerused,thelesstheopportunityforinterference.Butifthepowerlevelsaretoolow,thensignalstrengthlimitsrange.Accesspointscanhavethepowerlevelseteithermanuallyorviaprogrammaticcontrol.Formostusers,powerlevelcontrolsarenotveryuseful,andleavingtheunitindefaultmodeisthebestoption.Incomplexenterprisesetups,withsitesurveysandplannedoverlappingzones,thisaspectofsignalcontrolcanbeusedtoincreasecapacityandcontrolonthenetwork.
SiteSurveysWhendevelopingacoveragemapforacomplexbuildingsite,youneedtotakeintoaccountawidevarietyoffactors,particularlywalls,interferingsources,andfloorplans.Asitesurveyinvolvesseveralsteps:mappingthe
floorplan,testingforRFinterference,testingforRFcoverage,andanalysisofmaterialviasoftware.Thesoftwarecansuggestplacementofaccesspoints.AfterdeployingtheAPs,thesiteissurveyedagain,mappingtheresultsversusthepredicted,watchingsignalstrengthandsignal-to-noiseratios.Figure12.8illustrateswhatasitesurveylookslike.Thedifferentshadesindicatesignalstrength,showingwherereceptionisstrongandwhereitisweak.Sitesurveyscanbeusedtoensureavailabilityofwireless,especiallywhenit’scriticalforuserstohaveconnections.
•Figure12.8Examplesitesurvey
ExamTip:Wirelessnetworksaredependentuponradiosignalstofunction.Itisimportantto
understandthatantennatype,placement,andsitesurveysareusedtoensurepropercoverageofasite,includingareasblockedbywalls,interferingsignals,andechoes.
CaptivePortalsCaptiveportalreferstoaspecifictechniqueofusinganHTTPclienttohandleauthenticationonawirelessnetwork.Frequentlyemployedinpublichotspots,acaptiveportalopensawebbrowsertoanauthenticationpage.Thisoccursbeforetheuserisgrantedadmissiontothenetwork.Theaccesspointusesthissimplemechanismbyinterceptingallpacketsandreturningthewebpageforlogin.Theactualwebserverthatservesuptheauthenticationpagecanbeinawalled-offsectionofthenetwork,blockingaccesstotheInternetuntiltheusersuccessfullyauthenticates.
SecuringPublicWi-FiPublicWi-Fiisacommonperkthatsomefirmsprovidefortheircustomersandvisitors.WhenprovidingaWi-Fihotspot,evenfreeopen-to-the-publicWi-Fi,securityshouldstillbeaconcern.Oneoftheissuesassociatedwithwirelesstransmissionsisthattheyaresubjecttointerceptionbyanyonewithinrangeofthehotspot.Thismakesitpossibleforotherstointerceptandreadtrafficofanyoneusingthehotspot,unlessencryptionisused.Forthisreason,ithasbecomecommonpracticetousewirelesssecurity,evenwhentheintentistoopenthechannelforeveryone.Havingadefaultpassword,evenonethateveryoneknows,willmakeitsothatpeoplecannotobserveothertraffic.Thereisanentireopenwirelessmovement,designedaroundasharing
conceptthatpromotessharingoftheInternettoall.Forinformation,checkouthttps://openwireless.org.
MobileDevicesThissectionwillreviewalargenumberoftopicsspecifictomobile
devices.You’lllikelyfindthatthesecurityprinciplesyou’vealreadylearnedapplyandjustneedtobeadaptedtomobiletechnologies.Thisisoneofthefastest-changingareasofcomputersecuritybecausemobiletechnologyislikelythefastest-changingtechnology.
Althoughthedatatransmissionsbetweenmanymobiledevicesaresecuredviacarriermethods(GSM)anddevicemethods(RIMBlackberry),voicetransmissionshavebeeninterceptedandlaterusedtoembarrasstheparties.Third-partyvoiceencryptionmethodsexistforsmartphones,butareconsideredexpensiveanddifficulttodeploybymostpeople.Theyalsosufferfromtheproblemthatbothendsofaconversationneedthedevicetohaveasecuredcommunication.Asmoreandmorebusinessesfindvalueinsecuredvoicecommunications,thissolutionmaybecomemainstreaminthefuture.
Manymobiledeviceshavesignificantstoragecapacity,allowingthemtotransferfilesanddata.Datamustbeprotected,devicesmustbeproperlyconfigured,andgooduserhabitsmustbeencouraged.Thismakesmobiledevicesnodifferentfromanyothermobilemediasource,capableofcarryinganddeliveringviruses,worms,andotherformsofmalware.Theyarealsocapableofremovingdatafromwithinanetwork,inthecaseofaninsiderattack.MobiledevicesarealsocommonlyBluetoothenabled,makingvariouswirelessattacksagainstthedevicearisk.Onereasontoattackthemobiledeviceistouseittorelaytheattackontotheinternalnetworkwhenthedeviceissyncedup.BluetoothattacksarecoveredinChapter12.
MobileDeviceSecuritySecurityprinciplessimilartothoseapplicabletolaptopcomputersmustbefollowedwhenusingmobiledevicessuchassmartphonesandtabletcomputingdevices.Datamustbeprotected,devicesmustbeproperlyconfigured,andgooduserhabitsmustbeencouraged.Thischapterwillreviewalargenumberoftopicsspecifictomobiledevices.You’lllikelyfindthatthesecurityprinciplesyou’vealreadylearnedapplyandjustneed
tobeadaptedtomobiletechnologies.Thisisoneofthefastest-changingareasofcomputersecuritybecausemobiletechnologyislikelythefastest-changingtechnology.
FullDeviceEncryptionJustaslaptopcomputersshouldbeprotectedwithwholediskencryptiontoprotectthelaptopincaseoflossortheft,youmayneedtoconsiderencryptionformobiledevicesusedbyyourcompany’semployees.Mobiledevicesaremuchmorelikelytobelostorstolen,soyoushouldconsiderencryptingdataonyourdevices.Moreandmore,mobiledevicesareusedwhenaccessingandstoringbusiness-criticaldataorothersensitiveinformation.Protectingtheinformationonmobiledevicesisbecomingabusinessimperative.Thisisanemergingtechnology,soyou’llneedtocompletesomerigorousmarketanalysistodeterminewhatcommercialproductmeetsyourneeds.
RemoteWipingToday’smobiledevicesarealmostinnumerableandareverysusceptibletolossandtheft.Further,itisunlikelythatalostorstolendevicewillberecovered,thusmakingevenencrypteddatastoredonadevicemorevulnerabletodecryption.Ifthethiefcanhaveyourdeviceforalongtime,hecantakeallthetimehewantstotrytodecryptyourdata.Therefore,manycompaniesprefertojustremotelywipealostorstolendevice.Remotewipingamobiledevicetypicallyremovesdatastoredonthedeviceandresetsthedevicetofactorysettings.ThereisadilemmaintheuseofBYOD(bringyourowndevice)devicesthatstorebothpersonalandenterprisedata.Wipingthedeviceusuallyremovesalldata,bothpersonalandenterprise.Therefore,ifcorporatepolicyrequireswipingalostdevicethatmaymeanthedevice’suserlosespersonalphotosanddata.Thesoftwarecontrolsforseparatedatacontainers,oneforbusinessandoneforpersonal,areoneofthereasonsforenterprisestoadoptmobiledevicemanagement(MDM)solutions.
LockoutAuserlikelywilldiscoverinarelativelyshorttimethatthey’velosttheirdevice,soaquickwaytoprotecttheirdeviceistoremotelylockthedeviceassoonastheyrecognizeithasbeenlostorstolen.Severalproductsareavailableonthemarkettodaytohelpenterprisesmanagetheirdevices.Remotelockoutisusuallythefirststeptakeninsecuringamobiledevice.
Screen-locksMostcorporatepoliciesregardingmobiledevicesrequiretheuseofthemobiledevice’sscreen-lockingcapability.ThisusuallyconsistsofenteringapasscodeorPINtounlockthedevice.Itishighlyrecommendedthatscreenlocksbeenforcedforallmobiledevices.Yourpolicyregardingthequalityofthepasscodeshouldbeconsistentwithyourcorporatepasswordpolicy.However,manycompaniesmerelyenforcetheuseofscreen-locking.Thus,userstendtouseconvenientoreasy-to-rememberpasscodes.Somedevicesallowcomplexpasscodes.AsshowninFigure12.9,thedevicescreenontheleftsupportsonlyasimpleiOSpasscode,limitedtofournumbers,whilethedevicescreenontherightsupportsapasscodeofindeterminatelengthandcancontainalphanumericcharacters.
•Figure12.9iOSlockscreens
Somemoreadvancedformsofscreen-locksworkinconjunctionwithdevicewiping.Ifthepasscodeisenteredincorrectlyaspecifiednumberoftimes,thedeviceisautomaticallywiped.ThisisoneofthesecurityfeaturesofBlackBerrythathastraditionallymadeitofinteresttosecurity-conscioususers.ApplehasmadethisanoptiononneweriOSdevices.Applealsoallowsremotelockingofadevicefromtheuser’siCloudaccount.
TechTip
MobileDeviceSecurityMobiledevicesrequirebasicsecuritymechanismsofscreen-locks,lockouts,devicewiping,andencryptiontoprotectsensitiveinformationcontainedonthem.
GPSMostmobiledevicesarenowcapableofusingtheGlobalPositioningSystem(GPS)fortrackingdevicelocation.ManyappsrelyheavilyonGPSlocation,suchasdevice-locatingservices,mappingapps,trafficmonitoringapps,andappsthatlocatenearbybusinessessuchasgasstationsandrestaurants.Suchtechnologycanbeexploitedtotrackmovementlocationofthemobiledevice.Thistrackingcanbeusedtoassistintherecoveryoflostdevices.
StorageSegmentationOnmobiledevices,itcanbeverydifficulttokeeppersonaldataseparatefromcorporatedata.Somecompanieshavedevelopedcapabilitiestocreateseparatevirtualcontainerstokeeppersonaldataseparatefromcorporatedataandapplications.Fordevicesthatareusedtohandlehighly
sensitivecorporatedata,thisformofprotectionishighlyrecommended.
AssetControlBecauseeachusercanhavemultipledevicesconnectingtothecorporatenetwork,itisimportanttoimplementaviableassettrackingandinventorycontrolmechanism.Forsecurityandliabilityreasons,thecompanyneedstoknowwhatdevicesareconnectingtoitssystemsandwhataccesshasbeengranted.JustasinITsystems,maintainingalistofapproveddevicesisacriticalcontrol.
MobileDeviceManagementMobiledevicemanagement(MDM)isoneofthehottesttopicsindevicesecuritytoday.MDMbeganasamarketingtermforacollectivesetofcommonlyemployedprotectionelementsassociatedwithmobiledevices.Whenviewedasacomprehensivesetofsecurityoptionsformobiledevices,everycorporationshouldhaveandenforceanMDMpolicy.Thepolicyshouldrequire
Devicelockingwithastrongpassword
Encryptionofdataonthedevice
Devicelockingautomaticallyafteracertainperiodofinactivity
Thecapabilitytoremotelylockthedeviceifitislostorstolen
Thecapabilitytowipethedeviceautomaticallyafteracertainnumberoffailedloginattempts
Thecapabilitytoremotelywipethedeviceifitislostorstolen
Passwordpoliciesshouldextendtomobiledevices,includinglockoutand,ifpossible,theautomaticwipingofdata.Corporatepolicyfordataencryptiononmobiledevicesshouldbeconsistentwiththepolicyfordataencryptiononlaptopcomputers.Inotherwords,ifyoudon’trequireencryptionofportablecomputers,thenshouldyourequireitformobile
devices?Thereisnotauniformanswertothisquestion;mobiledevicesaremuchmoremobileinpracticethanlaptops,andmorepronetoloss.Thisisultimatelyariskquestionthatmanagementmustaddress:Whatistheriskandwhatarethecostsoftheoptionsemployed?Thisalsoraisesabiggerquestion:Whichdevicesshouldhaveencryptionasabasicsecurityprotectionmechanism?Isitbydevicetype,orbyuserbasedonwhatdatawouldbeexposedtorisk?Fortunately,MDMsolutionsexisttomakethechoicesmanageable.
ExamTip:Mobiledevicemanagement(MDM)isamarketingtermforacollectivesetofcommonlyemployedprotectionelementsassociatedwithmobiledevices.
DeviceAccessControlTheprinciplesofaccesscontrolformobiledevicesneedtobemanagedjustlikeaccesscontrolfromwiredorwirelessdesktopsandlaptops.ThiswillbecomemorecriticalasstorageinthecloudandSoftwareasaService(SaaS)becomemoreprevalent.Emergingtablet/mobiledevicesharingintendstoprovidetheuserwithaseamlessdataaccessexperienceacrossmanydevices.Dataaccesscapabilitieswillcontinuetoevolvetomeetthisneed.Rigorousdataaccessprinciplesneedtobeapplied,andtheybecomeevenmoreimportantwiththeinclusionofmobiledevicesasfullyfunctionalcomputingdevices.Whenreviewingpossiblesolutions,itisimportanttoconsiderseekingproofofsecurityandproceduresratherthanrelyingonmarketingbrochures.
RemovableStorageBecauseremovabledevicescanmovedataoutsideofthecorporate-controlledenvironment,theirsecurityneedsmustbeaddressed.Removabledevicescanbringunprotectedorcorrupteddataintothecorporateenvironment.Allremovabledevicesshouldbescannedby
antivirussoftwareuponconnectiontothecorporateenvironment.Corporatepoliciesshouldaddressthecopyingofdatatoremovabledevices.ManymobiledevicescanbeconnectedviaUSBtoasystemandusedtostoredata—andinsomecasesvastquantitiesofdata.Thiscapabilitycanbeusedtoavoidsomeimplementationsofdatalosspreventionmechanisms.
DisablingUnusedFeaturesAswithallcomputingdevices,featuresthatarenotusedorthatpresentasecurityriskshouldbedisabled.Bluetoothaccessisparticularlyproblematic.ItisbesttomakeBluetoothconnectionsundiscoverable.But,userswillneedtoenableittopairwithanewheadsetorcarconnection,forexample.RequiringBluetoothconnectionstobeundiscoverableisveryhardtoenforcebutshouldbeencouragedasabestpractice.UsersshouldreceivetrainingastotherisksofBluetooth—notsotheyavoidBluetooth,butsotheyunderstandwhentheyshouldturnitoff.Havingamobiledevicewithaccesstosensitiveinformationcarrieswithitalevelofresponsibility.Helpingusersunderstandthisandactaccordinglycangoalongwaytowardsecuringmobiledevices.
BYODConcernsPermittingemployeesto“bringyourowndevice”(BYOD)hasmanyadvantagesinbusiness,andnotjustfromtheperspectiveofdevicecost.Userstendtopreferhavingasingledeviceratherthancarryingmultipledevices.Usershavelessofalearningcurveondevicestheyalreadyhaveaninterestinlearning.
DataOwnershipBYODblursthelinesofdataownershipbecauseitblursthelinesofdevicemanagement.Ifacompanyownsasmartphoneissuedtoanemployee,thecompanycanrepossessthephoneuponemployee
termination.Thispracticemayprotectcompanydatabykeepingthecompany-issueddevicesinthehandsofemployeesonly.However,acompanycannotrelyonasimplefactoryresetbeforereissuingadevice,becausefactoryresettingmaynotremoveallthedataonthedevice.Ifadeviceisreissued,itispossiblethatsomeofthepreviousowner’spersonalinformation,suchasprivatecontacts,stillremainsonthedevice.Ontheotherhand,iftheemployee’sdeviceisapersonaldevicethathasbeenusedforbusinesspurposes,uponterminationoftheemployee,itislikelythatsomecompanydataremainsonthephonedespitethecompany’sbesteffortstoremoveitsdatafromthedevice.Ifthatdeviceisresoldorrecycled,thecompany’sdatamayremainonthedeviceandbepassedontothesubsequentowner.Keepingbusinessdatainseparate,MDM-managedcontainersisonemethodofdealingwiththisissue.
TechTip
BYODConcernsThereisadilemmaintheuseofBYODdevicesthatstorebothpersonalandenterprisedata.Wipingthedeviceusuallyremovesalldata,bothpersonalandenterprise.Therefore,ifcorporatepolicyrequireswipingalostdevice,thatpolicymaymeanthedevice’suserlosespersonalphotosanddata.Thesoftwarecontrolsforseparatedatacontainers,oneforbusinessandoneforpersonal,havebeenproposedbutarenotamainstreamoptionyet.
StorageSegmentationOnmobiledevices,itcanbeverydifficulttokeeppersonaldataseparatefromcorporatedata.Somecompanieshavedevelopedcapabilitiestocreateseparatevirtualcontainerstokeeppersonaldataseparatefromcorporatedataandapplications.Fordevicesthatareusedtohandlehighlysensitivecorporatedata,thisformofprotectionishighlyrecommended.
SupportOwnershipSupportcostsformobiledevicesareanimportantconsiderationfor
corporations.Eachdevicehasitsownimplementationofvariousfunctions.Whilethosefunctionstypicallyareimplementedagainstaspecification,softwareimplementationsmaynotfullyorproperlyimplementthespecification.Thismayresultinincreasedsupportcallstoyourhelpdeskorsupportorganization.Itisverydifficultforacorporatehelpdesktobeknowledgeableonallaspectsofallpossibledevicesthataccessacorporatenetwork.Forexample,yoursupportorganizationmustbeabletotroubleshootiPhones,Androiddevices,tablets,andsoforth.Thesedevicesareupdatedfrequently,newdevicesarereleased,andnewcapabilitiesareaddedonaregularbasis.Yoursupportorganizationwillneedviableknowledgebasearticlesandjobaidsinordertoprovidesufficientsupportforthewidevarietyofever-changingdevices.
PatchManagementJustasyourcorporatepolicyshouldenforcethepromptupdateofdesktopandlaptopcomputerstohelpeliminatesecurityvulnerabilitiesonthoseplatforms,itshouldalsorequiremobiledevicestobekeptcurrentwithrespecttopatches.Havingthelatestapplications,operatingsystem,andsoonisanimportantbestdefenseagainstviruses,malware,andotherthreats.Itisimportanttorecognizethat“jailbreaking”or“rooting”yourdevicemayremovethemanufacturer’ssecuritymechanismsandprotectionagainstmalwareandotherthreats.ThesedevicesmayalsonolongerbeabletoupdatetheirapplicationsorOSagainstknownissues.Jailbreakingorrootingisalsoamethodusedtobypasssecuritymeasuresassociatedwiththedevicemanufacturercontrol,andinsomelocations,thiscanbeillegal.Mobiledevicesthatarejailbrokenorrootedshouldnotbetrustedonyourenterprisenetworkorallowedtoaccesssensitivedata.
AntivirusManagementJustlikedesktopandlaptopcomputers,smartphones,tablets,andothermobiledevicesneedprotectionagainstvirusesandmalware.Itisimportantthatcorporatepolicyandpersonalusagekeepoperatingsystemsandapplicationscurrent.Antivirusandmalwareprotectionshouldbe
employedaswidelyaspossibleandkeptup-to-dateagainstcurrentthreats.
ForensicsMobiledeviceforensicsisarapidlyevolvingandfast-changingfield.Becausedevicesareevolvingsoquicklyandchangingsofast,itisdifficulttostaycurrentinthisfield.Solidforensicsprinciplesshouldalwaysbefollowed.DevicesshouldbeproperlyhandledbyusingRF-shieldedbagsorcontainers.Becauseoftherapidchangesinthisarea,it’sbesttoengagethehelpoftrainedforensicspecialiststoensuredataisn’tcontaminatedandthedevicestateandmemoryareunaltered.Ifforensicsareneededonadevicethathasbothpersonalandbusinessdata,thenpoliciesneedtobeinplacetocovertheappropriateprivacyprotectionsonthepersonalsideofthedevice.
PrivacyWhenanemployeeuseshispersonaldevicetoperformhisworkforthecompany,hemayhavestrongexpectationsthatprivacywillbeprotectedbythecompany.Thecompanypolicyneedstoconsiderthisandaddressitexplicitly.Oncompany-owneddevices,it’squiteacceptableforthecompanytoreservetherighttoaccessandwipeanycompanydataonthedevice.Thecompanycanthusstatethattheusercanhavenoexpectationofprivacywhenusingacompanydevice.Butwhenthedeviceisapersonaldevice,theusermayfeelstrongerownership.Expectationsofprivacyanddataaccessonpersonaldevicesshouldbeincludedinyourcompanypolicy.
On-boardCamera/VideoManymobiledevicesincludeon-boardcameras,andthephotos/videostheytakecandivulgeinformation.Thisinformationcanbeassociatedwithanythingthecameracanimage—whiteboards,documents,eventhelocationofthedevicewhenthephoto/videowastakenviageo-tagging.Anotherchallengepresentedbymobiledevicesisthepossibilitythatthey
willbeusedforillegalpurposes.Thiscancreateliabilityforthecompanyifitisacompany-owneddevice.Despiteallthepotentiallegalconcerns,possiblythegreatestconcernofmobiledeviceusersisthattheirpersonalphotoswillbelostduringadevicewipeoriginatedbythecompany.
On-boarding/Off-boardingMostcompaniesandindividualsfinditrelativelyeasytoconnectmobiledevicestothecorporatenetwork.OftentherearenotcontrolsaroundconnectingadeviceotherthanhavingaMicrosoftExchangeaccount.Whennewemployeesjoinacompany,theon-boardingprocessesneedtoincludeprovisionsformobiledeviceresponsibilities.Itiseasyfornewemployeestobypasssecuritymeasuresiftheyarenotpartofthebusinessprocessofon-boarding.Employeeterminationneedstobemodifiedtoincludeterminationof
accountsonmobiledevices.It’snotuncommontofindterminatedemployeeswithaccountsorevencompanydevicesstillconnectingtothecorporatenetworkmonthsafterbeingterminated.E-mailaccountsshouldberemovedpromptlyaspartoftheemployeeterminationpolicyandprocess.Mobiledevicessuppliedbythecompanyshouldbecollectedupontermination.BYODequipmentshouldhaveitsaccesstocorporateresourcesterminatedaspartoftheoff-boardingprocess.Regularauditsforoldorunterminatedaccountsshouldbeperformedtoensurepromptdeletionofaccountsforterminatedemployees.
AdherencetoCorporatePoliciesYourcorporatepoliciesregardingBYODdevicesshouldbeconsistentwithyourexistingcomputersecuritypolicies.Yourtrainingprogramsshouldincludeinstructiononmobiledevicesecurity.Disciplinaryactionsshouldbeconsistent.Yourmonitoringprogramsshouldbeenhancedtoincludemonitoringandcontrolofmobiledevices.
UserAcceptance
BYODinherentlycreatesaconflictbetweenpersonalandcorporateinterests.Anemployeewhousesherowndevicetoconductcorporatebusinessinherentlyfeelsstrongownershipoverthedeviceandmayresentcorporatedemandstocontrolcorporateinformationdownloadedtothedevice.Ontheotherhand,thecorporationexpectsthatcorporatedatabeproperlycontrolledandprotectedandthusdesirestoimposeremotewipingorlockoutrequirementsinordertoprotectcorporatedata.Anindividualwholosesherpersonalphotosfromaspecialeventwilllikelyharborillfeelingstowardthecorporationifitwipesherdevice,includingthoseirreplaceablephotos.YourcorporateBYODpolicyneedstobewelldefined,approvedbythecorporatelegaldepartment,andclearlycommunicatedtoallemployeesthroughtraining.
Architecture/InfrastructureConsiderationsMobiledevicesconsumeconnectionstoyourcorporateITinfrastructure.Itisnotunusualnowforasingleindividualtobeconnectedtothecorporateinfrastructurewithoneormoresmartphones,tablets,andlaptopordesktopcomputers.Someinfrastructureimplementationsinthepasthavenotbeenefficientintheirdesign,sometimesconsumingmultipleconnectionsforasingledevice.Thiscanreducethenumberofavailableconnectionsforotherendusers.Itisrecommendedthatloadtestingbeperformedtoensurethatyourdesignorexistinginfrastructurecansupportthepotentiallylargenumberofconnectionsfrommultipledevices.Multipleconnectionscanalsocreatesecurityissueswhenthesystem
tracksuseraccountsagainstmultipleconnections.Userswillneedtobeawareofthis,sothattheydon’tinadvertentlycreateincidentresponsesituationsorfindthemselveslockedoutbytheirownactions.Thiscanbeatrickyissuerequiringabitmoreintelligentdesignthanthetraditionalphilosophyofoneuseridequalsonecurrentconnection.
LegalConcernsItshouldbeapparentfromthevarioustopicsdiscussedinthischapterthattherearemanysecuritychallengespresentedbymobiledevicesusedfor
corporatebusiness.Becausethetechnologyisrapidlychanging,it’sbesttomakesureyouhavesolidlegalreviewofpolicies.Therearebothlegalandpublicrelationconcernswhenitcomestomobiledevices.Employeeswhousebothcompany-ownedandpersonaldeviceshaveresponsibilitieswhencompanydataisinvolved.Policiesandproceduresshouldbereviewedonaregularbasistostaycurrentwithtechnology.Anotherchallengepresentedbymobiledevicesisthepossibilitythat
theywillbeusedforillegalpurposes.Thiscancreateliabilityforthecompanyifitisacompany-owneddevice.
AcceptableUsePolicySimilartoyouracceptableusepoliciesforlaptopsanddesktops,yourmobiledevicepoliciesshouldaddressacceptableuseofmobileorBYODdevices.Authorizedusageofcorporatedevicesforpersonalpurposesshouldbeaddressed.Disciplinaryactionsforviolationofmobiledevicepoliciesshouldbedefined.BYODoffersboththecompanyandtheuseradvantages;ramificationsshouldbespecificallyspelledout,alongwiththespecificuserresponsibilities.
ExamTip:Mobiledevicesoffermanyusabilityadvantagesacrosstheenterprise,andtheycanbemanagedsecurelywiththehelpofsecurity-conscioususers.Securitypoliciescangoalongwaytowardassistingusersinunderstandingtheirresponsibilitiesassociatedwithmobiledevicesandsensitivedata.
LocationServicesMobiledevicesbytheirspecificnaturecanmove,andhencelocationofthedevicecanhavesignificantramificationswithrespecttoitsuse.MobiledevicescanconnecttomultiplepublicWi-Filocations,andtheycanprovideuserswithnavigationandotherlocationcontext-sensitiveinformation,suchasalocalsale.Toenablethisfunctionality,location
servicesareasetoffunctionstoenable,yetcontrol,thelocationinformationpossessedbythedevice.
Geo-TaggingGeo-taggingisthepostingoflocationinformationintoadatastreamsignifyingwherethedevicewaswhenthestreamwascreated.Asmanymobiledevicesincludeon-boardcameras,andthephotos/videostheytakecandivulgeinformation,geo-taggingcanmakelocationpartofanypictureorvideo.Thisinformationcanbeassociatedwithanythingthecameracanimage—whiteboards,documents,eventhelocationofthedevicewhenthephoto/videowastakenviageo-tagging.Postingphotoswithgeo-tagsembeddedinthemhasitsuse,butitcan
alsounexpectedlypublishinformationthatusersmaynotwanttoshare.Forexample,ifyouuseyoursmartphonetotakeaphotoofyourcarinthedrivewayandthenpostthephotoontheInternetinanattempttosellyourcar,ifgeo-taggingwasenabledonthesmartphone,thelocationofwherethephotowastakenisembeddedasmetadatainthedigitalphoto.Suchapostingcouldinadvertentlyexposewhereyourhomeislocated.Somesocialmediaapplicationsstripoutthemetadataonaphotobeforeposting,butthentheypostwhereyouposteditfrominthepostingitself.Therehasbeenmuchpublicdiscussiononthistopic,andgeo-taggingcanbedisabledonmostmobiledevices.Itisrecommendedthatitbedisabledunlessyouhaveaspecificreasonforhavingthelocationinformationembeddedinthephoto.
MobileApplicationSecurityDevicesarenottheonlyconcerninthemobileworld.Applicationsthatrunonthedevicesalsorepresentsecuritythreatstotheinformationthatisstoredonandprocessedbythedevice.Applicationsarethesoftwareelementsthatcanbeusedtoviolatesecurity,evenwhentheuserisnotaware.Manygamesandutilitiesoffervaluetotheuser,butatthesametimetheyscrapeinformationstoresonthedeviceforinformation.
ApplicationControlMostmobiledevicevendorsprovidesomekindofappstoreforfindingandpurchasingappsfortheirmobiledevices.Thevendorsdoareasonablejobofmakingsurethatofferedappsareapprovedanddon’tcreateanovertsecurityrisk.Yetmanyappsrequestaccesstovariousinformationstoresonthemobiledeviceaspartoftheirbusinessmodel.Understandingwhataccessisrequestedandapproveduponinstallationofappsisanimportantsecurityprecaution.Yourcompanymayhavetorestrictthetypesofappsthatcanbedownloadedandusedonmobiledevices.Ifyouneedverystrongprotection,yourcompanycanbeveryproactiveandprovideanenterpriseappstorewhereonlycompany-approvedappsareavailable,withacorrespondingpolicythatappscannotbeobtainedfromanyothersource.
KeyandCredentialManagementTheMDMmarketplaceismaturingquickly.KeyandcredentialmanagementservicesarebeingintegratedintomostMDMservicestoensurethatexistingstrongpoliciesandprocedurescanbeextendedtomobileplatformssecurely.TheseservicesincludeprotectionofkeysfordigitalsignaturesandS/MIMEencryptionanddecryption.Keysandcredentialsareamongthehighest-valueitemsthatcanbefoundonmobiledevices,soensuringprotectionforthemisakeyelementinmobiledevicesecurity.Thekeysandcredentialsstoredonthedevicecanbeusedbymultipleapplications.Providingprotectionofthesekeyswhilestillmaintainingusabilityofthemisanessentialelementofmodernmobileapplicationsecurity.
AuthenticationWhenmobiledevicesareusedtoaccessbusinessnetworks,authenticationbecomesanissue.Thereareseverallevelsofauthenticationthatcanbeanissue.Isthedeviceallowedtoaccessthenetwork?Istheuserofthedeviceanetworkuser?Ifso,howdoyouauthenticatetheuser?Mobiledevices
havesomeadvantagesinthattheycanstorecertificates,whichbytheirverynaturearemoresecurethanpasswords.Thismovestheauthenticationproblemtotheendpoint,whereitreliesonpasscodes,screen-locks,andothermobiledeviceprotections.Thesecanberelativelyweakunlessstructuredtogether,includingwipingafteralimitednumberoffailures.Theriskinmobileauthenticationisthatstrongcredentialsstoredinthedeviceareprotectedbythelessrigorouspasscodeandtheenduser.Enduserscansharetheirmobiledevices,andbyproxyunwittinglysharetheirstrongcorporateauthenticationcodes.
ApplicationWhitelistingAsdiscussedinthe“ApplicationControl”sectionearlierinthechapter,controllingwhatapplicationsadevicecanaccessmaybeanimportantelementofyourcompany’smobiledevicepolicy.Applicationwhitelistingandblacklistingenablesyoutocontrolandblockapplicationsavailableonthemobiledevice.ThisisusuallyadministeredthroughsometypeofMDMcapability.Applicationwhitelistingcanimprovesecuritybypreventingunapprovedapplicationsfrombeinginstalledandrunonthedevice.
EncryptionJustasthedeviceshouldbeencrypted,therebyprotectingallinformationonthedevice,applicationsshouldbeencryptedaswell.Justemployingencryptionforthedatastoreisnotsufficient.Ifthedeviceisfullyencrypted,thenallappswouldhavetohaveaccesstothedata,inessencebypassingtheencryptionfromanapppointofview.Appswithsensitiveinformationshouldcontrolaccessviatheirownsetofprotections.Theonlywaytosegregatedatawithinthedeviceisforappstomanagetheirowndatastoresthroughapp-specificencryption.Thiswillallowsensitivedatatobeprotectedfromrogueapplicationsthatwouldleakdataifuniformaccesswasallowed.
TransitiveTrust/AuthenticationSecurityacrossmultipledomains/platformsisprovidedthroughtrustrelationships.Whentrustrelationshipsbetweendomainsorplatformsexist,authenticationforeachdomaintruststheauthenticationforallothertrusteddomains.Thuswhenanapplicationisauthenticated,itsauthenticationisacceptedbyallotherdomains/platformsthattrusttheauthenticatingdomainorplatform.Trustrelationshipscanbeverycomplexinmobiledevices,andoftensecurityaspectsaren’tproperlyimplemented.Mobiledevicestendtobeusedacrossnumeroussystems,includingbusiness,personal,public,andprivate.Thisgreatlyexpandstheriskprofileandopportunityfortransitivetrust–basedattacks.Aswithallotherapplications,mobileapplicationsshouldbecarefullyreviewedtoensurethattrustrelationshipsaresecure.
Chapter12Review
ChapterSummaryAfterreadingthischapterandcompletingtheexercises,youshouldunderstandthefollowingaboutwirelesssecurityandmobiledevices.
Describethedifferentwirelesssystemsinusetoday
WirelessApplicationProtocol(WAP)isusedonsmall,handhelddeviceslikecellphonesforout-of-the-officeconnectivity.
802.11istheIEEEstandardforwirelesslocalareanetworks.Thestandardincludesseveraldifferentspecificationsof802.11networks,suchas802.11b,802.11a,802.11g,and802.11n.
DetailWAPanditssecurityimplications
WAPisthedataprotocolusedbymanycellularphonestodelivere-mailandlightweightwebservices.
DesignerscreatedWTLSasamethodtoensureprivacyofdatabeingbroadcastoverWAP.
WTLShasanumberofinherentsecurityproblems,suchasweakencryptionnecessitatedbythelowcomputingpowerofthedevicesandthenetworktransitionthatmustoccuratthecellularprovider’snetwork,ortheWAPgap.
Identify802.11’ssecurityissuesandpossiblesolutions
802.11doesnotallowphysicalcontrolofthetransportmechanism.
Transmissionofallnetworkdatawirelesslytransmitsframestoallwirelessmachines,notjustasingleclient,similartoEthernethubdevices.
PoorauthenticationiscausedbytheSSIDbeingbroadcasttoanyonelistening.
FlawedimplementationoftheRC4encryptionalgorithmmakesevenencryptedtrafficsubjecttointerceptionanddecryption.
Examinetheelementsneededforenterprisewirelessdeployment
Wirelesscoveragecanbeafunctionofantennatype,placement,andpowerlevels.
Captiveportalscanbeusedtocontrolaccesstowirelesssystems.
Examinethesecurityofmobilesystems
Mobiledeviceshavespecificsecurityconcernsandspecificcontrolstoassistinsecuringthem.
BYODhasitsownconcernsandpoliciesandprocedurestomanagemobiledevicesintheenterprise.
Mobileapplicationsrequiresecurity,andtheissuesassociatedwithmobile,apps,andsecurityneedtobeaddressed.
KeyTerms2.4GHzband(344)5GHzband(348)beaconframes(349)bluebugging(346)bluejacking(345)bluesnarfing(346)BluetoothDOS(346)captiveportal(362)confidentiality(340)direct-sequencespreadspectrum(DSSS)(348)eviltwin(352)geo-tagging(370)IEEE802.1X(357)IEEE802.11(337)initializationvector(IV)(340)jailbreaking(367)MACfiltering(359)MIMO(361)mobiledevicemanagement(MDM)(365)nearfieldcommunication(NFC)(347)orthogonalfrequencydivisionmultiplexing(OFDM)(348)RC4streamcipher(350)remotewiping(363)rogueaccesspoint(352)screenlocking(363)servicesetidentifier(SSID)(349)
sitesurvey(361)TemporalKeyIntegrityProtocol(TKIP)(355)WAPgap(341)Wi-FiProtectedAccess2(WPA2)(355)WiMax(337)WiredEquivalentPrivacy(WEP)(350)WirelessApplicationProtocol(WAP)(339)WirelessTransportLayerSecurity(WTLS)(340)ZigBee(337)
KeyTermsQuizUsetermsfromtheKeyTermslisttocompletethesentencesthatfollow.Don’tusethesametermmorethanonce.Notalltermswillbeused.
1.AnAPuses_______________toadvertiseitsexistencetopotentialwirelessclients.
2.The_______________isthepartoftheRC4cipherthathasaweakimplementationinWEP.
3.Twocommonmobiledevicesecuritymeasuresare_______________and_______________.
4.WAPusesthe_______________protocoltoattempttoensureconfidentialityofdata.
5.The32-characteridentifierattachedtotheheaderofapacketusedforauthenticationtoan802.11accesspointisthe_______________.
6._______________isafeaturethatcandiscloseauser’spositionwhensharingphotos.
7.802.11iupdatestheflawedsecuritydeployedin_______________.8.Thestandardforwirelesslocalareanetworksiscalled
_______________.
9.Thetypeofapplicationusedtocontrolsecurityacrossmultiplemobiledevicesinanenterpriseiscalled_______________.
10.802.11ausesfrequenciesinthe_______________.
Multiple-ChoiceQuiz1.Bluebuggingcangiveanattackerwhat?
A.Allofyourcontacts
B.Theabilitytosend“shock”photos
C.Totalcontroloveramobilephone
D.Avirus
2.Howdoes802.11nimprovenetworkspeed?A.Widerbandwidth
B.Higherfrequency
C.Multiple-inputmultiple-output(MIMO)
D.BothAandC
3.WTLSensuresintegritythroughwhatdevice?A.Publickeyencryption
B.Messageauthenticationcodes
C.SourceIP
D.Digitalsignatures
4.WEPhasusedanimplementationofwhichofthefollowingencryptionalgorithms?
A.SHA
B.ElGamal
C.RC4
D.Triple-DES
5.WhatelementdoesnotbelonginamobiledevicesecuritypolicyinanenterpriseemployingBYOD?
A.Separationofpersonalandbusiness-relatedinformation
B.Remotewiping
C.Passwordsandscreen-locking
D.Mobiledevicecarrierselection
6.Whatisbluejacking?A.Stealingaperson’smobilephone
B.SendinganunsolicitedmessageviaBluetooth
C.BreakingaWEPkey
D.LeavingyourBluetoothindiscoverablemode
7.WhiletheSSIDprovidessomemeasureofauthentication,whyisitnotveryeffective?
A.Itisdictatedbythemanufactureroftheaccesspoint.
B.Itisencrypted.
C.Itisbroadcastineverybeaconframe.
D.SSIDisnotanauthenticationfunction.
8.The802.1XprotocolisaprotocolforEthernet:A.Authentication
B.Speed
C.Wireless
D.Cabling
9.WhatisthebestwaytoavoidproblemswithBluetooth?A.Keeppersonalinfooffyourphone
B.KeepBluetoothdiscoverabilityoff
C.Buyanewphoneoften
D.Encryption
10.Whyisattackingwirelessnetworkssopopular?A.Therearemorewirelessnetworksthanwired.
B.TheyallrunWindows.
C.It’seasy.
D.It’smoredifficultandmoreprestigiousthanothernetworkattacks.
EssayQuiz1.Produceareportonwhysensitiveinformationshouldnotbesent
overtheWirelessApplicationProtocol.
2.Whenyouwanttostartscanningforroguewirelessnetworks,yoursupervisorasksyoutowriteamemodetailingthethreatsofroguewirelessaccesspoints.Whatinformationwouldyouincludeinthememo?
3.Writeasecuritypolicyforcompany-ownedcellphonesthatusetheBluetoothprotocol.
4.Writeamemorecommendingupgradingyourorganization’sold
802.11binfrastructuretoan802.11i-compliantnetwork,anddetailthesecurityenhancements.
LabProjects
•LabProject12.1SetupNetStumblerorKismetonacomputer,andthenuseittofindwirelessaccesspoints.Youwillneedthefollowing:
AlaptopwithWindowsorLinuxinstalled
Acompatiblewireless802.11networkadapterThendothefollowing:1.DownloadNetStumblerfromwww.netstumbler.comorKismetfrom
www.kismetwireless.net.2.ForNetStumbler,runtheWindowsInstaller.ForKismet,untarthesourcefileandthen
execute,inorder,./configure,make,andmakeinstall.
3.Starttheprogramandmakesurethatitseesyourwirelessadapter.4.Takethelaptoponyournormalcommute(ordrivearoundyourneighborhood)with
NetStumbler/Kismetrunning.
5.Loganyaccesspointsyoudetect.
•LabProject12.2AttempttoscantheareaforBluetoothdevices.YouwillneedacellphonewithBluetoothinstalledoracomputerwithaBluetoothadapter.Thendothefollowing:
1.Ifyou’reusingaPC,downloadBlueScannerfromSourceForgeathttp://sourceforge.net/projects/bluescanner/.
2.Takeyourphoneorcomputertoaplacewithmanypeople,suchasacafé.
3.StarttheprogramandmakesurethatitseesyourBluetoothadapter.4.AttempttoscanforvulnerableBluetoothdevices.
5.Ifyou’reusingyourphone,tellittoscanforBluetoothdevices.Anydevicesthatyoufindarerunningin“discoverable”modeandarepotentiallyexploitable.
chapter13 IntrusionDetectionSystemsandNetwork
Security
Oneperson’s“paranoia”isanotherperson’s“engineeringredundancy.”
—MARCUSJ.RANUM
A
Inthischapter,youwilllearnhowto
Applytheappropriatenetworktoolstofacilitatenetworksecurity
Determinetheappropriateuseoftoolstofacilitatenetworksecurity
Applyhost-basedsecurityapplications
nintrusiondetectionsystem(IDS)isasecuritysystemthatdetectsinappropriateormaliciousactivityonacomputerornetwork.Mostorganizationsusetheirownapproachestonetworksecurity,choosing
thelayersthatmakesenseforthemaftertheyweighrisks,potentialsforloss,costs,andmanpowerrequirements.Thefoundationforalayerednetworksecurityapproachusuallystarts
withawell-securedsystem,regardlessofthesystem’sfunction(whetherit’sauserPCoracorporatee-mailserver).Awell-securedsystemusesup-to-dateapplicationandoperatingsystempatches,requireswell-chosenpasswords,runstheminimumnumberofservicesnecessary,andrestrictsaccesstoavailableservices.Ontopofthatfoundation,youcanaddlayersofprotectivemeasuressuchasantivirusproducts,firewalls,sniffers,andIDSs.Someofthemorecomplicatedandinterestingtypesofnetwork/data
securitydevicesareIDSs,whicharetothenetworkworldwhatburglaralarmsaretothephysicalworld.ThemainpurposeofanIDSistoidentifysuspiciousormaliciousactivity,noteactivitythatdeviatesfromnormalbehavior,catalogandclassifytheactivity,and,ifpossible,respondtotheactivity.
HistoryofIntrusionDetectionSystemsLikemuchofthenetworktechnologyweseetoday,IDSsgrewfromaneedtosolvespecificproblems.LiketheInternetitself,theIDSconceptcamefromU.S.DepartmentofDefense–sponsoredresearch.Intheearly
1970s,theU.S.governmentandmilitarybecameincreasinglyawareoftheneedtoprotecttheelectronicnetworksthatwerebecomingcriticaltodailyoperations.
EarlyHistoryofIDSIn1972,JamesAndersonpublishedapaperfortheU.S.AirForceoutliningthegrowingnumberofcomputersecurityproblemsandtheimmediateneedtosecureAirForcesystems(JamesP.Anderson,“ComputerSecurityTechnologyPlanningStudyVolume2,”October1972,http://seclab.cs.ucdavis.edu/projects/history/papers/ande72.pdf).Andersoncontinuedhisresearchandin1980publishedafollow-uppaperoutliningmethodstoimprovesecurityauditingandsurveillancemethods(“ComputerSecurityThreatMonitoringandSurveillance,”April15,1980,http://csrc.nist.gov/publications/history/ande80.pdf).Inthispaper,Andersonpioneeredtheconceptofusingsystemauditfilestodetectunauthorizedaccessandmisuse.Healsosuggestedtheuseofautomateddetectionsystems,whichpavedthewayformisusedetectiononmainframesystemsinuseatthetime.WhileAnderson’sworkgottheeffortsstarted,theconceptofareal-time,rule-basedIDS
didn’treallyexistuntilDorothyDenningandPeterNeumanndevelopedthefirstreal-timeIDSmodel,called“TheIntrusionDetectionExpertSystem(IDES),”fromtheirresearchbetween1984and1986.In1987,Denningpublished“AnIntrusion-DetectionModel,”apaperthatlaidoutthemodelonwhichmostmodernIDSsarebased(andwhichappearsinIEEETransactionsonSoftwareEngineering,Vol.SE-13,No.2[February1987]:222—232).
TheU.S.governmentcontinuedtofundresearchthatledtoprojectssuchasDiscovery,Haystack,MulticsIntrusionDetectionandAlertingSystem(MIDAS),andNetworkAuditDirectorandIntrusionReporter(NADIR).Finally,in1989,HaystackLabsreleasedStalker,thefirstcommercialIDS.Stalkerwashost-basedandworkedbycomparingauditdatatoknownpatternsofsuspiciousactivity.Whilethemilitaryandgovernmentembracedtheconcept,thecommercialworldwasveryslowtoadoptIDSproducts,anditwasseveralyearsbeforeothercommercialproductsbegantoemerge.Intheearlytomid-1990s,ascomputersystemscontinuedtogrow,
companiesstartedtorealizetheimportanceofIDSs;however,thesolutionsavailablewerehost-basedandrequiredagreatdealoftimeandmoneytomanageandoperateeffectively.Focusbegantoshiftawayfromhost-basedsystems,andnetwork-basedIDSsbegantoemerge.In1995,WheelGroupwasformedinSanAntonio,Texas,todevelopthefirst
commercialnetwork-basedIDSproduct,calledNetRanger.NetRangerwasdesignedtomonitornetworklinksandthetrafficmovingacrossthelinkstoidentifymisuseaswellassuspiciousandmaliciousactivity.NetRanger’sreleasewasquicklyfollowedbyInternetSecuritySystems’RealSecurein1996.SeveralotherplayersfollowedsuitandreleasedtheirownIDSproducts,butitwasn’tuntilthenetworkinggiantCiscoSystemsacquiredWheelGroupinFebruary1998thatIDSswererecognizedasavitalpartofanynetworksecurityinfrastructure.Figure13.1offersatimelineforthesedevelopments.
•Figure13.1HistoryoftheInternetandIDS
IDSOverviewAsmentioned,anIDSissomewhatlikeaburglaralarm.Itwatchestheactivitygoingonarounditandtriestoidentifyundesirableactivity.IDSsaretypicallydividedintotwomaincategories,dependingonhowtheymonitoractivity:
ExamTip:Knowthedifferencesbetweenhost-basedandnetwork-basedIDSs.Ahost-basedIDSrunsonaspecificsystem(serverorworkstation)andlooksatalltheactivityonthathost.Anetwork-basedIDSsniffstrafficfromthenetworkandseesonlyactivitythatoccursonthenetwork.
Host-basedIDS(HIDS)Examinesactivityonanindividualsystem,suchasamailserver,webserver,orindividualPC.Itisconcernedonlywithanindividualsystemandusuallyhasnovisibilityintotheactivityonthenetworkorsystemsaroundit.
Network-basedIDS(NIDS)Examinesactivityonthenetworkitself.Ithasvisibilityonlyintothetrafficcrossingthenetworklinkitismonitoringandtypicallyhasnoideaofwhatishappeningonindividualsystems.
Whetheritisnetwork-orhost-based,anIDStypicallyconsistsofseveralspecializedcomponentsworkingtogether,asillustratedinFigure13.2.Thesecomponentsareoftenlogicalandsoftware-basedratherthanphysicalandwillvaryslightlyfromvendortovendorandproducttoproduct.Typically,anIDShasthefollowinglogicalcomponents:
•Figure13.2LogicaldepictionofIDScomponents
Trafficcollector(orsensor)Collectsactivity/eventsfortheIDStoexamine.OnaHIDS,thiscouldbelogfiles,auditlogs,ortrafficcomingtoorleavingaspecificsystem.OnaNIDS,thisistypicallyamechanismforcopyingtrafficoffthenetworklink—basicallyfunctioningasasniffer.Thiscomponentisoftenreferredtoasasensor.
AnalysisengineExaminesthecollectednetworktrafficandcomparesittoknownpatternsofsuspiciousormaliciousactivitystoredinthesignaturedatabase.Theanalysisengineisthe“brains”oftheIDS.
SignaturedatabaseAcollectionofpatternsanddefinitionsofknownsuspiciousormaliciousactivity.
UserinterfaceandreportingInterfaceswiththehumanelement,
providingalertswhenappropriateandgivingtheuserameanstointeractwithandoperatetheIDS.
TechTip
IDSSignaturesAnIDSreliesheavilyonitssignaturedatabasejustlikeantivirusproductsrelyontheirvirusdefinitions.Ifanattackissomethingcompletelynew,anIDSmaynotrecognizethetrafficasmalicious.
Let’slookatanexampletoseehowallthesecomponentsworktogether.Imagineanetworkintruderisscanningyourorganizationforsystemsrunningawebserver.TheintruderlaunchesaseriesofnetworkprobesagainsteveryIPaddressinyourorganization.Thetrafficfromtheintrudercomesintoyournetworkandpassesthroughthetrafficcollector(sensor).Thetrafficcollectorforwardsthetraffictotheanalysisengine.Theanalysisengineexaminesandcategorizesthetraffic—itidentifiesalargenumberofprobescomingfromthesameoutsideIPaddress(theintruder).Theanalysisenginecomparestheobservedbehavioragainstthesignaturedatabaseandgetsamatch.Theintruder’sactivitymatchesaTCPportscan.Theintruderissendingprobestomanydifferentsystemsinashortperiodoftime.Theanalysisenginegeneratesanalarmthatispassedofftotheuserinterfaceandreportingmechanisms.Theuserinterfacegeneratesanotificationtotheadministrator(icon,logentry,andsoon).Theadministratorseesthealertandcannowdecidewhattodoaboutthepotentiallymalicioustraffic.AlarmstorageissimplyarepositoryofalarmstheIDShasrecorded—mostIDSproductsallowadministratorstoruncustomizedreportsthatsiftthroughthecollectedalarmsforitemstheadministratorissearchingfor,suchasallthealarmsgeneratedbyaspecificIPaddress.
MostIDSscanbetunedtofitaparticularenvironment.Certainsignaturescanbeturnedoff,tellingtheIDSnottolookforcertaintypesoftraffic.Forexample,ifyouareoperatinginapureUNIXenvironment,youmaynotwishtoseeWindows-basedalarms,astheywillnotaffectyoursystems.Additionally,theseverityofthealarmlevelscanbeadjusteddependingonhowconcernedyouareovercertaintypesoftraffic.SomeIDSsalsoallowtheusertoexcludecertainpatternsofactivityfromspecifichosts.Inotherwords,youcantelltheIDStoignorethefactthatsomesystemsgeneratetrafficthatlookslikemaliciousactivity,becauseitreallyisn’t.
Inadditiontothenetworkversushostdistinction,someIDSvendorswillfurthercategorizeanIDSbasedonhowitperformsthedetectionofsuspiciousormalicioustraffic.Thedifferentmodelsusedarecoveredinthenextsection.
IDSModelsInadditiontobeingdividedalongthehostandnetworklines,IDSsareoftenclassifiedaccordingtothedetectionmodeltheyuse:anomalyormisuse.ForanIDS,amodelisamethodforexaminingbehaviorsothattheIDScandeterminewhetherthatbehavioris“notnormal”orinviolationofestablishedpolicies.Ananomalydetectionmodelisthemorecomplicatedofthetwo.In
thismodel,theIDSmustknowwhat“normal”behavioronthehostornetworkbeingprotectedreallyis.Oncethe“normal”behaviorbaselineisestablished,theIDScanthengotoworkidentifyingdeviationsfromthenorm,whicharefurtherscrutinizedtodeterminewhetherornotthatactivityismalicious.BuildingtheprofileofnormalactivityisusuallydonebytheIDS,withsomeinputfromsecurityadministrators,andcantakedaystomonths.TheIDSmustbeflexibleandcapableenoughtoaccountforthingssuchasnewsystems,newusers,movementofinformationresources,andotherfactors,butbesensitiveenoughtodetectasingleuserillegallyswitchingfromoneaccounttoanotherat3A.M.onaSaturday.
ExamTip:Anomalydetectionlooksforthingsthatareoutoftheordinary,suchasauserlogginginwhenhe’snotsupposedtoorunusuallyhighnetworktrafficintoandoutofaworkstation.
Anomalydetectionwasdevelopedtomakethesystemcapableofdealingwithvariationsintrafficandbetterabletodeterminewhichactivitypatternsweremalicious.Aperfectlyfunctioninganomaly-basedsystemwouldbeabletoignorepatternsfromlegitimatehostsandusersbutstillidentifythosepatternsassuspiciousshouldtheycomefromapotentialattacker.Unfortunately,mostanomaly-basedsystemssufferfromextremelyhighfalsepositives,especiallyduringthe“break-in”periodwhiletheIDSislearningthenetwork.Ontheotherhand,ananomaly-basedsystemisnotrestrictedtoaspecificsignaturesetandisfarmorelikelytoidentifyanewexploitorattacktoolthatwouldgounnoticedbyatraditionalIDS.
ExamTip:Misusedetectionlooksforthingsthatviolatepolicy,suchasadenial-of-serviceattacklaunchedatyourwebserveroranattackerattemptingtobrute-forceanSSHsession.
Amisusedetectionmodelisalittlesimplertoimplement,andthereforeit’sthemorepopularofthetwomodels.Inamisusedetectionmodel,theIDSlooksforsuspiciousactivityoractivitythatviolatesspecificpoliciesandthenreactsasithasbeenprogrammedtodo.Thisreactioncanbeanalarm,e-mail,routerreconfiguration,orTCPresetmessage.Technically,misusedetectionisthemoreefficientmodel,asittakesfewerresourcestooperate,doesnotneedtolearnwhat“normal”behavioris,andwillgenerateanalarmwheneverapatternissuccessfullymatched.However,themisusemodel’sgreatestweaknessisitsrelianceonapredefinedsignaturebase—anyactivity,maliciousorotherwise,thatthe
misuse-basedIDSdoesnothaveasignatureforwillgoundetected.Despitethatdrawbackandbecauseitiseasierandcheapertoimplement,mostcommercialIDSproductsarebasedonthemisusedetectionmodel.SomeanalystsbreakIDSmodelsdownevenfurtherintofourcategories
dependingonhowtheIDSoperatesanddetectsmalicioustraffic(thesamemodelscanalsobeappliedtointrusionpreventionsystemsaswell—bothNIPSandHIPS):
Behavior-basedThismodelreliesonacollectedsetof“normalbehavior”:whatshouldhappenonthenetworkandisconsidered“normal”or“acceptable”traffic.Behaviorthatdoesnotfitintothe“normal”activitycategoriesorpatternsisconsideredsuspiciousormalicious.Thismodelcanpotentiallydetectzero-dayorunpublishedattacksbutcarriesahighfalsepositiverateasanynewtrafficpatterncanbelabeledas“suspect.”
Signature-basedThismodelreliesonapredefinedsetofpatterns(calledsignatures).TheIDShastoknowwhatbehaviorisconsidered“bad”aheadoftimebeforeitcanidentifyandactuponsuspiciousormalicioustraffic.
Anomaly-basedThismodelisessentiallythesameasbehavior-based.TheIDSisfirsttaughtwhat“normal”trafficlookslikeandthenlooksfordeviationstothose“normal”patterns.
HeuristicThismodelusesartificialintelligencetodetectintrusionsandmalicioustraffic.AheuristicmodelistypicallyimplementedthroughalgorithmsthathelpanIDSdecideifatrafficpatternismaliciousornot.Forexample,aURLcontaining10ormoreofthesamerepeatingcharactermaybeconsidered“bad”trafficasasinglesignature.Withaheuristicmodel,theIDSunderstandsthatif10repeatingcharactersarebad,11arestillbad,and20areevenworse.Thisimplementationoffuzzylogicallowsthismodeltofallsomewherebetweensignature-basedandbehavior-basedmodels.
SignaturesAsyouhaveprobablydeducedfromthediscussionsofar,oneofthecriticalelementsofanygoodIDSisthesignaturedatabase—thesetofpatternstheIDSusestodeterminewhetherornotactivityispotentiallyhostile.Signaturescanbeverysimpleorremarkablycomplicated,dependingontheactivitytheyaretryingtohighlight.Ingeneral,signaturescanbedividedintotwomaingroups,dependingonwhatthesignatureislookingfor:content-basedandcontext-based.Content-basedsignaturesaregenerallythesimplest.Theyare
designedtoexaminethecontentofsuchthingsasnetworkpacketsorlogentries.Content-basedsignaturesaretypicallyeasytobuildandlookforsimplethings,suchasacertainstringofcharactersoracertainflagsetinaTCPpacket.Herearesomeexamplecontent-basedsignatures:
Matchingthecharacters/etc/passwdinaTelnetsession.OnaUNIXsystem,thenamesofvaliduseraccounts(andsometimesthepasswordsforthoseuseraccounts)arestoredinafilecalledpasswdlocatedintheetcdirectory.
Matchingthecharacters“to:decode”intheheaderofane-mailmessage.Oncertainolderversionsofsendmail,sendingane-mailmessageto“decode”wouldcausethesystemtoexecutethecontentsofthee-mail.
Context-basedsignaturesaregenerallymorecomplicated,astheyaredesignedtomatchlargepatternsofactivityandexaminehowcertaintypesofactivityfitintotheotheractivitiesgoingonaroundthem.Contextsignaturesgenerallyaddressthequestion:Howdoesthiseventcomparetoothereventsthathavealreadyhappenedormighthappeninthenearfuture?Context-basedsignaturesaremoredifficulttoanalyzeandtakemoreresourcestomatch,astheIDSmustbeableto“remember”pasteventstomatchcertaincontextsignatures.Herearesomeexamplecontext-basedsignatures:
Matchapotentialintruderscanningforopenwebserversonaspecificnetwork.Apotentialintrudermayuseaportscannertolookforanysystemsacceptingconnectionsonport80.Tomatchthissignature,theIDSmustanalyzeallattemptedconnectionstoport80andthenbeabletodeterminewhichconnectionattemptsarecomingfromthesamesourcebutaregoingtomultiple,differentdestinations.
IdentifyaNessusscan.Nessusisanopen-sourcevulnerabilityscannerthatallowssecurityadministrators(andpotentialattackers)toquicklyexaminesystemsforvulnerabilities.Dependingonthetestschosen,Nessustypicallyperformsthetestsinacertainorder,oneaftertheother.TobeabletodeterminethepresenceofaNessusscan,theIDSmustknowwhichtestsNessusrunsaswellasthetypicalorderinwhichthetestsarerun.
Identifyapingfloodattack.AsingleICMPpacketonitsownisgenerallyregardedasharmless,certainlynotworthyofanIDSsignature.YetthousandsofICMPpacketscomingtoasinglesysteminashortperiodoftimecanhaveadevastatingeffectonthereceivingsystem.ByfloodingasystemwiththousandsofvalidICMPpackets,anattackercankeepatargetsystemsobusyitdoesn’thavetimetodoanythingelse—averyeffectivedenial-of-serviceattack.Toidentifyapingflood,theIDSmustrecognizeeachICMPpacketandkeeptrackofhowmanyICMPpacketsdifferentsystemshavereceivedintherecentpast.
ExamTip:Knowthedifferencesbetweencontent-basedandcontext-basedsignatures.Content-basedsignaturesmatchspecificcontent,suchasacertainstringorseriesofcharacters(matchingthestring/etc/passwdinanFTPsession).Context-basedsignaturesmatchapatternofactivitybasedontheotheractivityaroundit,suchasaportscan.
Tofunction,theIDSmusthaveadecentsignaturebasewithexamplesofknown,undesirableactivitythatitcanusewhenanalyzingtrafficor
events.AnytimeanIDSmatchescurrenteventsagainstasignature,theIDScouldbeconsideredsuccessful,asithascorrectlymatchedthecurrenteventagainstaknownsignatureandreactedaccordingly(usuallywithanalarmoralertofsometype).
FalsePositivesandFalseNegativesViewedinitssimplestform,anIDSisreallyjustlookingatactivity(beithost-basedornetwork-based)andmatchingitagainstapredefinedsetofpatterns.Whenitmatchesactivitytoaspecificpattern,theIDScannotknowthetrueintentbehindthatactivity—whetheritisbenignorhostile—andthereforeitcanreactonlyasithasbeenprogrammedtodo.Inmostcases,thismeansgeneratinganalertthatmustthenbeanalyzedbyahumanwhotriestodeterminetheintentofthetrafficfromwhateverinformationisavailable.WhenanIDSmatchesapatternandgeneratesanalarmforbenigntraffic,meaningthetrafficwasnothostileandnotathreat,thisiscalledafalsepositive.Inotherwords,theIDSmatchedapatternandraisedanalarmwhenitdidn’treallyneedtodoso.KeepinmindthattheIDScanonlymatchpatternsandhasnoabilitytodetermineintentbehindtheactivity,soinsomewaysthisisanunfairlabel.Technically,theIDSisfunctioningcorrectlybymatchingthepattern,butfromahumanstandpointthisisnotinformationtheanalystneededtosee,asitdoesnotconstituteathreatanddoesnotrequireintervention.
Toreducethegenerationoffalsepositives,mostadministratorstunetheIDS.“Tuning”anIDSistheprocessofconfiguringtheIDSsothatitworksinyourspecificenvironment—generatingalarmsformalicioustrafficandnotgeneratingalarmsfortrafficthatis“normal”foryournetwork.EffectivelytuninganIDScanresultinsignificantreductionsinfalse-positivetraffic.
AnIDSisalsolimitedbyitssignatureset—itcanmatchonlyactivityforwhichithasstoredpatterns.HostileactivitythatdoesnotmatchanIDSsignatureandthereforegoesundetectediscalledafalsenegative.Inthis
case,theIDSisnotgeneratinganyalarms,eventhoughitshouldbe,givingafalsesenseofsecurity.
Network-BasedIDSsNetwork-basedIDSs(NIDSs)actuallycamealongafewyearsafterhost-basedsystems.Afterrunninghost-basedsystemsforawhile,manyorganizationsgrewtiredofthetime,energy,andexpenseinvolvedwithmanagingthefirstgenerationofthesesystems—thehost-basedsystemswerenotcentrallymanaged,therewasnoeasywaytocorrelatealertsbetweensystems,andfalse-positiverateswerehigh.Thedesirefora“betterway”grewalongwiththeamountofinterconnectivitybetweensystemsand,consequently,theamountofmaliciousactivitycomingacrossthenetworksthemselves.ThisfueleddevelopmentofanewbreedofIDSdesignedtofocusonthesourceforagreatdealofthemalicioustraffic—thenetworkitself.
TechTip
NetworkVisibilityAnetworkIDShastobeabletoseetraffictofindthemalicioustraffic.EncryptedtrafficsuchasSSHorHTTPSsessionsmustbedecryptedbeforeanetworkIDScanexaminethem.
TheNIDSintegratedverywellintotheconceptofperimetersecurity.Moreandmorecompaniesbegantooperatetheircomputersecuritylikeacastleormilitarybase(seeFigure13.3),withattentionandeffortfocusedonsecuringandcontrollingthewaysinandout—theideabeingthatifyoucouldrestrictandcontrolaccessattheperimeter,youdidn’thavetoworryasmuchaboutactivityinsidetheorganization.Eventhoughtheideaofasecurityperimeterissomewhatflawed(manysecurityincidentsoriginateinsidetheperimeter),itcaughtonveryquickly,asitwaseasytounderstandanddevicessuchasfirewalls,bastionhosts,androuterswere
availabletodefineandsecurethatperimeter.Thebestwaytosecuretheperimeterfromoutsideattackistorejectalltrafficfromexternalentities,butthisisimpossibleandimpracticaltodo,sosecuritypersonnelneededawaytolettrafficinbutstillbeabletodeterminewhetherornotthetrafficwasmalicious.ThisistheproblemthatNIDSdevelopersweretryingtosolve.
•Figure13.3Networkperimetersarealittlelikecastles—firewallsandNIDSsformthegatesandguardstokeepmalicioustrafficout.
Asitsnamesuggests,aNIDSfocusesonnetworktraffic—thebitsandbytestravelingalongthecablesandwiresthatinterconnectthesystems.ANIDSmustexaminethenetworktrafficasitpassesbyandbeabletoanalyzetrafficaccordingtoprotocol,type,amount,source,destination,content,trafficalreadyseen,andotherfactors.Thisanalysismusthappenquickly,andtheNIDSmustbeabletohandletrafficatwhateverspeedthenetworkoperatestobeeffective.NIDSsaretypicallydeployedsothattheycanmonitortrafficinandout
ofanorganization’smajorlinks:connectionstotheInternet,remoteoffices,partners,andsoon.Likehost-basedsystems,NIDSslookforcertainactivitiesthattypifyhostileactionsormisuse,suchasthefollowing:
Denial-of-serviceattacks
Portscansorsweeps
Maliciouscontentinthedatapayloadofapacketorpackets
Vulnerabilityscanning
Trojans,viruses,orworms
Tunneling
Brute-forceattacks
Ingeneral,mostNIDSsoperateinafairlysimilarfashion.Figure13.4showsthelogicallayoutofaNIDS.Byconsideringthefunctionandactivityofeachcomponent,youcangainsomeinsightintohowaNIDSoperates.
•Figure13.4NetworkIDScomponents
Inthesimplestform,aNIDShasthesamemajorcomponents:trafficcollector,analysisengine,reports,andauserinterface.InaNIDS,thetrafficcollectorisspecificallydesignedtopulltraffic
fromthenetwork.Thiscomponentusuallybehavesinmuchthesamewayasanetworktrafficsniffer—itsimplypullseverypacketitcanseeoffthenetworktowhichitisconnected.InaNIDS,thetrafficcollectorwilllogicallyattachitselftoanetworkinterfacecard(NIC)andinstructtheNICtoaccepteverypacketitcan.ANICthatacceptsandprocesseseverypacketregardlessofthepacket’soriginanddestinationissaidtobeinpromiscuousmode.
TechTip
AnotherWaytoLookatNIDSsInitssimplestform,aNIDSisalotlikeamotiondetectorandavideosurveillancesystemrolledintoone.TheNIDSnotestheundesirableactivity,generatesanalarm,andrecordswhathappens.
TheanalysisengineinaNIDSservesthesamefunctionasitshost-basedcounterpart,withsomesubstantialdifferences.Thenetworkanalysisenginemustbeabletocollectpacketsandexaminethemindividuallyor,ifnecessary,reassemblethemintoanentiretrafficsession.Thepatternsandsignaturesbeingmatchedarefarmorecomplicatedthanhost-basedsignatures,sotheanalysisenginemustbeabletorememberwhattrafficprecededthetrafficcurrentlybeinganalyzedsothatitcandeterminewhetherornotthattrafficfitsintoalargerpatternofmaliciousactivity.Additionally,thenetwork-basedanalysisenginemustbeabletokeepupwiththeflowoftrafficonthenetwork,rebuildingnetworksessionsandmatchingpatternsinrealtime.
CrossCheck
NIDSandEncryptedTrafficYoulearnedaboutencryptedtrafficinChapter5,socheckyourmemorywiththesequestions.WhatisSSH?Whatisaone-timepad?Canyounameatleastthreedifferentalgorithms?
TheNIDSsignaturedatabaseisusuallymuchlargerthanthatofahost-basedsystem.Whenexaminingnetworkpatterns,theNIDSmustbeabletorecognizetraffictargetedatmanydifferentapplicationsandoperatingsystemsaswellastrafficfromawidevarietyofthreats(worms,assessmenttools,attacktools,andsoon).Someofthesignaturesthemselvescanbequitelarge,astheNIDSmustlookatnetworktraffic
occurringinaspecificorderoveraperiodoftimetomatchaparticularmaliciouspattern.Usingthelessonslearnedfromearlyhost-basedsystems,NIDS
developersmodifiedthelogicalcomponentdesignsomewhattodistributetheuserinterfaceandreportingfunctions.Asmanycompanieshadmorethanonenetworklink,theywouldneedanIDScapableofhandlingmultiplelinksinmanydifferentlocations.TheearlyIDSvendorssolvedthisdilemmabydividingthecomponentsandassigningthemtoseparateentities.Thetrafficcollector,analysisengine,andsignaturedatabasewerebundledintoasingleentity,usuallycalledasensororappliance.Thesensorswouldreporttoandbecontrolledbyacentralsystemormasterconsole.Thiscentralsystem,showninFigure13.5,consolidatedalarmsandprovidedtheuserinterfaceandreportingfunctionsthatallowedusersinonelocationtomanage,maintain,andmonitorsensorsdeployedinavarietyofremotelocations.
•Figure13.5DistributednetworkIDScomponents
Bycreatingseparatecomponentsdesignedtoworktogether,theNIDSdeveloperswereabletobuildamorecapableandflexiblesystem.Withencryptedcommunications,networksensorscouldbeplacedaroundbothlocalandremoteperimetersandstillbemonitoredandmanagedsecurelyfromacentrallocation.Placementofthesensorsveryquicklybecameanissueformostsecuritypersonnel,asthesensorsobviouslyhadtohavevisibilityofthenetworktrafficinordertoanalyzeit.BecausemostorganizationswithNIDSsalsohadfirewalls,locationoftheNIDSrelativetothefirewallhadtobeconsideredaswell.Placedbeforethefirewall,asshowninFigure13.6,theNIDSwillseealltrafficcominginfromthe
Internet,includingattacksagainstthefirewallitself.Thisincludestrafficthatthefirewallstopsanddoesnotpermitintothecorporatenetwork.Withthistypeofdeployment,theNIDSsensorwillgeneratealargenumberofalarms(includingalarmsfortrafficthatthefirewallwouldstop).Thistendstooverwhelmthehumanoperatorsmanagingthesystem.
•Figure13.6NIDSsensorplacedinfrontoffirewall
Placedafterthefirewall,asshowninFigure13.7,theNIDSsensorseesandanalyzesthetrafficthatisbeingpassedthroughthefirewallandintothecorporatenetwork.WhilethisdoesnotallowtheNIDStoseeattacksagainstthefirewall,itgenerallyresultsinfarfeweralarmsandisthemostpopularplacementforNIDSsensors.
•Figure13.7NIDSsensorplacedbehindfirewall
Asyoualreadyknow,NIDSsexaminethenetworktrafficforsuspiciousormaliciousactivity.HerearetwoexamplesofsuspicioustraffictoillustratetheoperationofaNIDS:
PortscanAportscanisareconnaissanceactivityapotentialattackerusestofindoutinformationaboutthesystemshewantstoattack.Usinganyofanumberoftools,theattackerattemptstoconnecttovariousservices(web,FTP,SMTP,andsoon)toseeiftheyexistontheintendedtarget.Innormalnetworktraffic,asingleusermightconnecttotheFTPserviceprovidedonasinglesystem.Duringaportscan,anattackermayattempttoconnecttotheFTPserviceoneverysystem.Astheattacker’strafficpassesbytheIDS,theIDSwillnoticethispatternofattemptingtoconnecttodifferentservicesondifferentsystemsinarelativelyshortperiodoftime.WhentheIDScompares
theactivitytoitssignaturedatabase,itwillverylikelymatchthistrafficagainsttheportscanningsignatureandgenerateanalarm.
PingofdeathTowardtheendof1996,itwasdiscoveredthatcertainoperatingsystems,suchasWindows,couldbecrashedbysendingaverylargeInternetControlMessageProtocol(ICMP)echorequestpackettothatsystem.ThisisafairlysimpletrafficpatternforaNIDStoidentify,asitsimplyhastolookforICMPpacketsoveracertainsize.
PortscanningactivityisrampantontheInternet.MostorganizationswithNIDSseehundredsorthousandsofportscanalarmseverydayfromsourcesaroundtheworld.Someadministratorsreducethealarmlevelofportscanalarmsorignoreportscanningtrafficbecausethereissimplytoomuchtraffictotrackdownandrespondtoeachalarm.
AdvantagesofaNIDSANIDShascertainadvantagesthatmakeitagoodchoiceforcertainsituations:
ProvidingIDScoveragerequiresfewersystems.Withafewwell-placedNIDSsensors,youcanmonitorallthenetworktrafficgoinginandoutofyourorganization.Fewersensorsusuallyequatestolessoverheadandmaintenance,meaningyoucanprotectthesamenumberofsystemsatalowercost.
Deployment,maintenance,andupgradecostsareusuallylower.ThefewersystemsthathavetobemanagedandmaintainedtoprovideIDScoverage,thelowerthecosttooperatetheIDS.Upgradingandmaintainingafewsensorsisusuallymuchcheaperthanupgradingandmaintaininghundredsofhost-basedprocesses.
ANIDShasvisibilityintoallnetworktrafficandcancorrelateattacks
amongmultiplesystems.Well-placedNIDSsensorscanseethe“bigpicture”whenitcomestonetwork-basedattacks.Thenetworksensorscantellyouwhetherattacksarewidespreadandunorganizedorfocusedandconcentratedonspecificsystems.
DisadvantagesofaNIDSANIDShascertaindisadvantages:
Itisineffectivewhentrafficisencrypted.Whennetworktrafficisencryptedfromapplicationtoapplicationorsystemtosystem,aNIDSsensorwillnotbeabletoexaminethattraffic.Withtheincreasingpopularityofencryptedtraffic,thisisbecomingabiggerproblemforeffectiveIDSoperations.
Itcan’tseetrafficthatdoesnotcrossit.TheIDSsensorcanexamineonlytrafficcrossingthenetworklinkitismonitoring.WithmostIDSsensorsbeingplacedonperimeterlinks,traffictraversingtheinternalnetworkisneverseen.
Itmustbeabletohandlehighvolumesoftraffic.Asnetworkspeedscontinuetoincrease,thenetworksensorsmustbeabletokeeppaceandexaminethetrafficasquicklyasitcanpassthenetwork.WhenNIDSswereintroduced,10-Mbpsnetworkswerethenorm.Now100-Mbpsandeven1-Gbpsnetworksarecommonplace.ThisincreaseintrafficspeedsmeansIDSsensorsmustbefasterandmorepowerfulthaneverbefore.
Itdoesn’tknowaboutactivityonthehoststhemselves.NIDSsfocusonnetworktraffic.ActivitythatoccursonthehoststhemselveswillnotbeseenbyaNIDS.
TechTip
TCPResetThemostcommondefensiveabilityforanactiveNIDSistosendaTCPresetmessage.WithinTCP,theresetmessage(RST)essentiallytellsbothsidesoftheconnectiontodropthesessionandstopcommunicatingimmediately.Whilethismechanismwasoriginallydevelopedtocoversituationssuchassystemsaccidentallyreceivingcommunicationsintendedforothersystems,theresetmessageworksfairlywellforNIDSs—withoneseriousdrawback:aresetmessageaffectsonlythecurrentsession.Nothingpreventstheattackerfromcomingbackandtryingagainandagain.Despitethe“temporariness”ofthissolution,sendingaresetmessageisusuallytheonlydefensivemeasureimplementedonNIDSdeployments,asthefearofblockinglegitimatetrafficanddisruptingbusinessprocesses,evenforafewmoments,oftenoutweighstheperceivedbenefitofdiscouragingpotentialintruders.
Activevs.PassiveNIDSsMostNIDSscanbedistinguishedbyhowtheyexaminethetrafficandwhetherornottheyinteractwiththattraffic.Onapassivesystem,theNIDSsimplywatchesthetraffic,analyzesit,andgeneratesalarms.Itdoesnotinteractwiththetrafficitselfinanyway,anditdoesnotmodifythedefensivepostureofthesystemtoreacttothetraffic.ApassiveNIDSisverysimilartoasimplemotionsensor—itgeneratesanalarmwhenitmatchesapattern,muchasthemotionsensorgeneratesanalarmwhenitseesmovement.AnactiveNIDScontainsallthesamecomponentsandcapabilitiesofthepassiveNIDSwithonecriticaladdition—theactiveNIDScanreacttothetrafficitisanalyzing.Thesereactionscanrangefromsomethingsimple,suchassendingaTCPresetmessagetointerruptapotentialattackanddisconnectasession,tosomethingcomplex,suchasdynamicallymodifyingfirewallrulestorejectalltrafficfromspecificsourceIPaddressesforthenext24hours.
NIDSToolsTherearenumerousexamplesofNIDStoolsinthemarketplace,fromopensourceprojectstocommercialentries.SnorthasbeenthedefactostandardIDSenginesinceitscreationin1998.Ithasalargeuserbaseand
setthestandardformanyIDSelement,includingrulesetsandformats.SnortrulesarethelistofactivitiesthatSnortwillalertonandprovidetheflexiblepowerbehindtheIDSplatform.SnortrulesetsareupdatedbyalargeactivecommunityaswellasSourcefireVulnerabilityResearchTeam,thecompanybehindSnort.SnortVRTrulesetsareavailabletosubscribersandprovidesuchelementsassame-dayprotectionforitemssuchasMicrosoftpatchTuesdayvulnerabilities.Theserulesaremovedtotheopencommunityafter30days.AnewerentranttotheIDSmarketplaceisSuricata.Suricataisanopen
sourceIDS,begunwithgrantmoneyfromtheU.S.governmentandmaintainedbytheOpenSourceSecurityFoundation(OSIF).SuricatahasoneadvantageoverSnort:itsupportsmultithreading,whileSnortonlysupportssingle-threadedoperation.Bothofthesesystemsarehighlyflexibleandscalable,operatingonbothWindowsandLinuxplatforms.
TechTip
SnortRulesThebasicformatforSnortrulesisaruleheaderfollowedbyruleoptions.
Host-BasedIDSsTheveryfirstIDSswerehost-basedanddesignedtoexamineactivityonlyonaspecifichost.Ahost-basedIDS(HIDS)examineslogfiles,audittrails,andnetworktrafficcomingintoorleavingaspecifichost.HIDSscanoperateinrealtime,lookingforactivityasitoccurs,orinbatchmode,lookingforactivityonaperiodicbasis.Host-basedsystemsaretypicallyself-contained,butmanyofthenewercommercialproductshavebeendesignedtoreporttoandbemanagedbyacentralsystem.Host-based
systemsalsotakelocalsystemresourcestooperate.Inotherwords,aHIDSwilluseupsomeofthememoryandCPUcyclesofthesystemitisprotecting.EarlyversionsofHIDSsraninbatchmode,lookingforsuspiciousactivityonanhourlyordailybasis,andtypicallylookedonlyforspecificeventsinthesystem’slogfiles.Asprocessorspeedsincreased,laterversionsofHIDSslookedthroughthelogfilesinrealtimeandevenaddedtheabilitytoexaminethedatatrafficthehostwasgeneratingandreceiving.MostHIDSsfocusonthelogfilesoraudittrailsgeneratedbythelocal
operatingsystem.OnUNIXsystems,theexaminedlogsusuallyincludethosecreatedbysyslog,suchasmessages,kernellogs,anderrorlogs.OnWindowssystems,theexaminedlogsaretypicallythethreeeventlogs:Application,System,andSecu