-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathNetworkSecurety.txt
executable file
·464 lines (402 loc) · 27.6 KB
/
NetworkSecurety.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
Firewalls :-
It forms a barrior through which the traffic going in each direction must pass, it may be degined to oprate as a filter at the
level of IP packets of may operate at a higher protocole layer.
They can be an effective means of protecting a local system or network of system form network based securety threades.
Firewalls degine Principle :-
-> LAN interconnecting PC's and terminal to each others.
-> Enterprise wide network consisting of multiple geographically distrebuted network interconnected by a private MAN.
-> Internet connectivety in which the varius networks into the internet.
Firewalls chracterstics :-
-> All traffic from inside to outside must pass.
-> Only authroised traffic by the local securety policy will be allow to pass,
Varius type of firewall are used which implement varius type of securety policys.
-> The firewall itself is immune to pnetration.
Types of Firewalls :-
-> Packet filtring
-> Application level
-> circuit level
-> Packet filtring
A packet filtring router apply a set of rules to each incoming and outgoing IP packets and then forward or disgard the
packets.
+------------------------------------------------------------------------+
| |
+-----------+ +------------+ |
| | | packet | +-------------------+ |
| internet |-----------------------| filtring |------------------------------| Private Network | |
| | | router | +-------------------+ |
+-----------+ +------------+ |
| |
+------------------------------------------------------------------------+
--> Source IP addres
--> Destination IP addres
--> Source IP addres
--> Source and Destination transport level addres
--> IP Protocole field
--> Interface
--> Source IP addres
The IP addres of the system that orignate the IP Package.
ex: 192.178.1.1
--> Destination IP addres
The IP addres of the system the IP packet is triying to reach.
ex: 192.168.1.2
--> Source and Destination transport level addres
The transport level TCP/UDP port number which define application such as SNMP or Telnet.
--> IP Protocole field
It define the transport protocole
--> Interface
For a router with 3 or more ports which interface of the router with the package came from or with interface of the
router the packet is destinated for.
-> Application level
An application level getway also called proxy server acts as a relay of application level traffic.
+-----------+
| |
| TELNET |
+-------------------+ | | +-------------------+
| | Outside connection | FTP | Inside connection | |
| Outside host |----------------------| |--------------------| Inside Host |
| | | SMTP | | |
+-------------------+ | | +-------------------+
| HTTP |
| |
+-----------+
The user contects the getway using a TCP/IP application such as Telnet, when the user responce and provides a valid user
ID and authentigation information the getway contects the information on the remote host.
Application level getway is more secure then packet filter.
-> circuit level
+-----------+
| |
OUT---+ IN
+-------------------+ | | | +-------------------+
| | | | | | |
| Outside host |---------------| | |-------------| Inside Host |
| | OUT | IN | |
+-------------------+ | | | +-------------------+
| | |
OUT +------IN
| |
+-----------+
A third type of firewall is a circuit level getway this can be a stand alone system or it can be spcialied function performed by
an application level getway for certain application a circuit level getway does not permit an N-N TCP connection.
Bastion Host :-
A bastion host is a system identified by the firewall admnistrater as a critical strong point in the network securety the bastion
host serve as a plateform for an application level.or circuit level getway,
comman level of a bastion host are following -
-> The Bastion Host hardware plateform execute a secure version of it's OS making it a trusted system.
-> The servises that the network admnistrater consider asensial are installed on the bastion host this include proxy application
such as telnet, DNS, FTP, SMTP and user authentigation.
-> The bastion host may require addisnol authentigation before a user is allowed access to the proxy servises.
-> Each proxy is configured to support only a subset of the standerd application command set.
-> Each proxy is configured to allow access only to specific host system.
-> Each proxy maintain detailed audit information by login all traffic each connection and the duration of each connection the
audit log is an asensial tool for discovering and terminating intruder attacks.
-> Each proxy module is a very small software package designed for network securety for example a Unix mail application may contain
20,000 line of code while a mail proxy may contain fewer then 1,000.
-> Each proxy independent of others proxy on the bastion host if there is a problem with the operation of any proxy.
-> A proxy genraly performed no disk access other then to read it initinal configuration file.
-> Each proxy runes a non-privillage user in a private and secure directry on the bastion host.
Trojan Horse Defense :-
+------------------------------------------------------------------+
| |
+---+ | | BOB : RW | |
|BOB|----| +-----------+ +---------------+ +----------+ |
+---+ | | | | | | |
| | Program |-------| "CPE170KS" |--------+ |
| | | | | |
| +-----------+ +---------------+ ALIC : RW |
+----+ | | BOB : W | |
|ALIC|---| +-----+-----+ +---------------+ +----------+ |
+----+ | | | H | | Back | | |
| | +-----|-------| Pocket |--------+ |
| | Program | | File | |
| +-----------+ +---------------+ |
| |
+------------------------------------------------------------------+
Refrence Moniter
|
+-------------------+----------------------------------------------+
| | |
+---+ | | | BOB : RW | |
|BOB|----| +-----------+ | +---------------+ +----------+ |
+---+ | |-----------| | |---------------| | |
| |-Program---|----+--|-"CPE170KS"----|--------+ |
| |-----------| | |---------------| |
| +-----------+ | +---------------+ ALIC : RW |
+----+ | | | BOB : W | |
|ALIC| | +-----+-----+ | +---------------+ +----------+ |
+----+ | | | H | | | Back | | |
| | +-----| | | Pocket |--------+ |
| | Program | | | File | |
| +-----------+ | +---------------+ |
| | |
+-------------------+----------------------------------------------+
|
+------------------------------------------------------------------+
| |
+---+ | | BOB : RW | |
|BOB|-+ | +-----------+ +---------------+ +----------+ |
+---+ | | | | | | | |
| | | Program |-------| "CPE170KS" |--------+ |
| | | | | | |
| | +-----------+ +---------------+ |
| | | |
+--+--+ +-------+ ALIC : RW |
+----+ | | | | BOB : W | |
|ALIC| | +-----+-----+ +---------------+ +----------+ |
+----+ | | | H | | Back | | |
| | +-----|-------| Pocket |--------+ |
| | Program | | File | |
| +-----------+ +---------------+ |
| |
+------------------------------------------------------------------+
Refrence Moniter
|
+-------------------+----------------------------------------------+
| | |
+---+ | | | BOB : RW | |
|BOB|-+ | +-----------+ | +---------------+ +----------+ |
+---+ | | | | | |---------------| | |
| | | Program | | |-"CPE170KS"----|--------+ |
| | | | | |---------------| |
| | +-----------+ | +---------------+ |
| | | | |
+--+--+ +----+--+ ALIC : RW |
+----+ | | | | | BOB : W | |
|ALIC| | +-----+-----+ | +---------------+ +----------+ |
+----+ | |-----| H | | | Back | | |
| |-----+-----|----+--| Pocket |--------+ |
| |--Program--| | | File | |
| +-----------+ | +---------------+ |
| | |
+-------------------+----------------------------------------------+
|
Trojan :-
It's a type of mallware that is either packeged along with a usefull piec of software otherwise infactionmay be done by
online activity.
To secue against trojan horse attacks is the use of secure trusted operating system.
In this example a user named BOB intrects to a program with a data file containing the criticaly sencitive character string
"CPE170KS" user BOB has created the file with R/W permition provided only to program executing own it's bihalf.
The trojan horse attacks begines when a horsetile user named ALIC gains to the system and install both trojan horse program
and a private file to be used in the attack as a Back Pocket ALIC gives R/W permition to herself for this file and gives BOB
W only permition. The use of a secue OS in this securety level are assined to subject at logon identifyed by the password
and ID.
Viruses :-
A varius is a peace of software that can infect other program by modefying them the modifaction include a copy of the varius program
which can go on to infect other program.
Type of Viruses
-> Boot secter Virus
It infect a masterboot report and spreds when a system is booted from the disk containing the Virus.
-> Polymorfic Virus
A Virus that affects data type and function, it's a self encrupted virus
-> Matamorfic Virus
it's type of virus that is capable of changing it's port and signature pattern with each itteration.
-> Memory resident Virus
It's a miscellaneous code that install in the Memory that infect future programes
-> Parasitic Virus
It's most comman virus it atach itself to exicutable file and replicates.
Macro viruses :-
-> A macro is plateform indipendent it infact microsoft word document so any hardware plateform and OS that support word can be
infacted.
-> Macro viruse infact document not exicutable portion of code.
-> Macro viruse are easely sprades a very comman method is by E-Mail.
-> Macro viruse take advantages of a features found in word and other office application such as microsoft excel.
-> sucessive relese of word software provide increse protection against macro viruses for ex: microsoft offers an optional
macro virus protection tool that ditect supicius word files.
E-mail Viruses :-
-> A more resent devlopment in Miscellaneous software is the e-mail viruses the first spredding e-mail viruses such as melissa
the mail viruses send itself to everyone in the mailing-list in the users e-mail package.
-> They does local damage the viruses uses the visual basic scripting language supported by the mail package.
Worms :-
a worm is a program that can replicates itself and send copyes from computer to computer acrose network connection.
Threads :-
-> Miscellaneous programes
They are comenly use as mallware that brings harm to a computer system, they can be in the for of worms, trojans, back door,
logic and zombie.
--> Back door
--> Logic boom
--> Trojan Horse
--> Zombie
--> Back door
Known as trap door is a secrate entry point into a program that allow someone back door to gain access without going
through the usiual securety access prosidure.
--> Logic boom
One of the oldest type of program threades viruses is the logic boom, it's a code ambadded in the some program that is said
to explode when certain condition are mets.
--> Trojan Horse
It's a type of mallware that is either packeged along with a usefull piec of software otherwise infactionmay be done by
online activity.
--> Zombie
It's a program that secretly takes over another internet attached computer and then use that computer to launch attacks
that are difficult to trace to the zombie creaters zombie are used in denile of servis attacks against targated web-
-site
SET (Secure Electronic Tranjaction) :-
Set is an open encription and securety specification degine to protect cradit card tranjaction on the internet the current
version is SET V1, It's not itself an payment system it's a set of securety protocole and formets that enable users to employe
the cradit card payment infrastructure, SET provide 3 servises.
-> Provide a secure communication chennal.
-> Ensure privecy Because the information is only avilable to partyes in a tranjaction.
-> Provide trust by the use of digitel certificate
SET Overview :-
SET specification list the following business requriment for secure payment processing with cradit cards over the internet and
other network
-> Provide confidenciality of payment and ordering information
-> Ensure the intigrety of all transmitid data
-> Provide authentigation that a card holder is a leagel user of a cradit card accaunt
-> Provide authentigation that a merchant can accept cradit card tranjaction
-> Ensure the use of the bach securety practicies
-> Encrase inter operate ability among software and network providers
+----+ +----+
| | | |
+----+ +----+
Card holder Merchant
\ /
\ /
+---------------+
| |
| Internet |
| |
+---------------+
| \
| \
| \
+--------+ +-----------------+
| | | Payment Getway |
| | +-----------------+
+--------+
Certificate Authority
|
|
|
/|\
/ | \
/ | \
+------+ | +--------+
|Issuer| | | Acquier|
+------+ | +--------+
|
+-----------------+
| Payment Getway |
+-----------------+
Digitel signature :-
They allow us to varefy the auther, date and time of signature authentigate the message content it also include authentigation
function for additional capiblity there are sevral reasions to implement digitel signature for communication
-> Authentigation
-> Intigrety
-> nonrepudiation
+-----------+
| | +------------+
| Data |-->| 10110010 |
| | +------------+
+-----------+ Hash |
|
+-------+ |
| Certi | |
| cate | |
| | |
+-------+ |
| |
| +-------+
| |1110110|
| +-------+
| |
| |
+------------------+
|
|
|
+------------+
| Digitally |
| Signed |
| data |
+------------+
+------------+
| Digitally |
| Signed |
| data |
+------------+
|
|
|
+-----------------------------------------------+
| |
+-------+ |
| Data | +---------+
+-------+ |1110110 |
| +---------+
| |
| | decrupting using signature public
| | Key
+-----------+ +------------+
| 10110010 | -------------------------------- | 10110010 |
+-----------+ +------------+
Hash Hash
Electonic mail securety :-
-> PGP ( preety good privecy )
It's an encription program that provide cryptography privecy and authentigation for data communication, It's used
singing for encurpting and decrupting text, emails, files and directry to increse the securety of email communication
It's a populer program used to encrupt and decrupt over the internet as well as authentigate digitel signature and
encrupted stroed files PGP uses a variation of public key system in this system each user has an encription key that is
public Known and a private key that is Known only to that user pretty good privicy can be used to authenticate digital
certificate and encrypt / decrypt text , emails, files, directories, and whole disk partition.
DES algorithen (Data encription standerd) :-
DES is found very strong against very powerful attacks DES is a block cipher and incrept data in blocks of size of 64 bits each
it means 64 bit of plan text goes as the input to DES is based on the 2 fundamental attributes of cryptography
-> Substitution
-> Transpotion
let us now disuss the broad steps in DES.
- In first step the 64 bit plan text block is handed over to an initinal permution ( IP function )
- The initinal permution performed on plan text.
- The initinal permution ( IP ) produce 2 half of the permutated block
-> left plan text (LPT)
-> Right plan text (RPT)
- now each LPT and RPT to go through sixteen rounds of encription process
- in the end LPT and RPT are rejoined and a final permution (FP) is performed on the combined block the result of this
process produce 64 bit cipher text
AES ( Advance encription standerd ) :-
The AES is a symatric block cipher chosen by the US goverment to protect clasifyed information and is implement in software
and hardware through out the world to encrypt the sensitive data the netional institute of standerd and technology ( NIST )
started devlopment of AES in 1997.
Features :-
The selection process for this new symatric key algorithen was fully open to public securety and comments NIST specified
the new advance encription standerd algorithen must be a block cyper capable for handling 128 bit block
--> securety
competing algorithen were to be judged on there ability to resist attack cost intendid to be realesed under a glopble
and royalty free bassic algorithen and incrementation characterstics to be evaluated the flexibility of the algorithen
Cost
implementation
Secure software layer (SSL) :-
SSL is the standerd securety technology for establising and encripted link between a web server and a browser this link ensure
that all data pass between the web server and browser.
To be able to create an ssl connection a web server require an SSL certificate when you chose to activate SSL on your web server
create 2 cryptography key Private and Public.
Public Key :-
It does not need to be secrate and is placed into a certificate singing request (CSR).
Private Key :-
It is the form of encription where only single private key can encript and decrupt information it's a fast process because it
use a single key.
--> How SSL Works
When a web browser try to connect to a website using SSL the browser will request the web server identified itself
this promte the web server to send the browser a copy of the SSL certificate.the browser check to see if the SSL
certificate is trusted then the browser send a message to the web server then responce to the browser with a digital singed
acknowledgo to start an SSL encripted session this allow encripted data to be shared between the browser and the server.
You man notice that your browsing session now start with HTTPS not HTTP.
MIME ( Multi purpose internet mail extention) :-
it is an internet standerd that extends the formet of email to support
-> Text in character set other then ASCII
-> message body with multiple parts
-> non text attachment,audio,video,image,application program etc.
MIME spcialied in 6 linked RFC ( request for comment).
-> RFC 2045
-> RFC 2046
-> RFC 2047
-> RFC 4288
-> RFC 4289
-> RFC 2049
It was designed for SMTP it are also importence in communication protocoles , outside of email, such as HTTP for the word wide
web.
--> SMIME ( secure Multi purpose internet mail extention)
It is widely accepted method for sending digitaly singed and encripted message it allow you to encript emails and digitaly
singed then when you use SMIME with an email message allow to incrept email and digitaly singed then when you use SMIME
with an email message it help peoples who receve that message what they see in there inbox it will also help peoples who
receve message to be certain the message came from the specific sender SMIME provide cryptography securety servises such as
authentication and intigrety and non repudiation of origin ( using digital signature ) it also help enhence privecy and data
securety using encription for electonic messaging