Focus on Security. 2 dr. Frank B. Brokken ([email protected]) Center of Information Technology...
![Page 1: Focus on Security. 2 dr. Frank B. Brokken (f.b.brokken@rug.nl) Center of Information Technology University of Groningen 2013.](https://reader038.fdocuments.net/reader038/viewer/2022110322/56649d215503460f949f6665/html5/thumbnails/1.jpg)
Focus on Security
Focus on Security
dr. Frank B. Brokken
Center of Information Technology, University of Groningen
2013
ICT Security
Topics:
Day 1: General principles.
Day 2: System hardening and integrity.
Day 3: Keeping the bad guys out.
Day 4: Seeing the invisible; what's passing through the wires?
Day 5: Summary and conclusions.
ICT Security
General principles:
Focusing on security
Well-known security risks
Defense mechanisms
How can encryption help? Public Key Infrastructures; PGP/GPG, SSL
Security Focus
CIA: Confidentiality, Integrity, Availability
Security Risks
What are the risks when CIA is reduced?
Security Risks
Confidentiality: unauthorized access to confidential information.
Integrity: abuse of data and/or computers.
Availability: can't use our computers/data.
Defense Mechanisms
We'll cover:
Organization of prevention and recovery: how has `security' been organized at, e.g., my university?
Dangers of commonly used practices: what's wrong with what we've learned to do in the past?
Improvements over these practices: what can we do to prevent falling into traps?
Firewalls: philosophies and setup, DMZs: what's the use of firewalls? How can they be deployed (and abused)?
Securing information using encryption: how can encryption be used in real life?
Various tools will be covered during this week: how can tools help to improve security?
Prevention and Recovery
ICT Security:
embed activities in larger structures;
primarily a question of the right mentality;
rules and documents work to some extent: a foundation to fall back upon.
Embedding ICT Security
Considerations:
Role models: who's handling incidents? New developments.
The Communication Network.
Embedding ICT-Security.
Any activities promoting ICT-Security?
Role models: who's handling incidents?
Role models: new developments
The Communications Network
University: an organization of faculties and services.
Systems managers: more or less `trusted'.
The `Outside world': how does information reach the University? What information reaches the University?
SEP: Communications Network
University: organization of faculties and services.
Systems managers: more or less `trusted'.
`Outside world': how information reaches the University.
October 2000: the University of Groningen introduced the function of ICT Security Manager.
Communications Network
Aim: create a communication structure that is independent of the persons involved.
The Communications Network
Primary link between Cert-NL and the University.
SEP is a person, a member of a team.
Diagram: cert-nl (outside world) <-> [email protected] (SEP, within the University)
Communications
SEP: member of a team.
The crash-team: technical specialists invoked to fight serious security-related incidents.
Diagram: cert-nl (outside world) <-> [email protected] (SEP, within the University) <-> crash team
Embedding ICT-Security
The security kernel group represents the U. of Groningen's accredited Terena CERT team.
Organization diagram: director, Security Manager and Security Kernel Group at the top; below them the University of Groningen's services, faculties and Computing Center, each with its own unit (...).
Terena: Trans-European Research and Education Networking Association
Activities Promoting ICT-Security
Website: http://www.rug.nl/cit/security
In particular note (also in English): https://www.rug.nl/cit/security/aup (the Acceptable Use Policy of the U. of Groningen)
`Column' in the bimonthly Pictogram publication
Security courses (honeypots, GPG/PGP, forensics, security awareness, information security)
Advisories, not just those that are asked for.
Formal documents and procedures: AUP, shutting down accounts, access to data
In general: be visible.
Acceptable Use Policy
...
Some Sections in an Acceptable Use Policy:
User responsibilities
Responsibilities of systems managers
Topics: passwords, facilities, privileges
Consequences of abuse
Legal framework
Framework for the AUP itself: BS 7799, ISO 27001.
Attack Profiles
Who can be trusted?
Falklands war: HMS Sheffield
Unhappy employees
Who is the hacker?
Thrilling and yet: simple. Script kiddies:
```perl
sub storeHdr{ return if !@{$_[0]};
push (@headers, [ @{$_[0]}
$subject = $headers[-1] if !$subject && ${ @{$_
if (${ @{$_[0]} }[0] =~ /^re push (@received, ${ @{$_ } }
```
(Perl fragment as it appears on the slide; the lines are cut off at the right edge.)
Dangers from unexpected corners
Professionals...
Information Security
If you spend more on coffee than on IT security,
then you will be hacked.
What's more, you deserve to be hacked.
Richard Clarke
Former Special Advisor to the US President on Cybersecurity
But also....
What is the response?
Serious incidents: Medical faculty, Space Research Center, child pornography, `February 2007' hack.
Communicate the incident to law-enforcement agencies.
Dangers of Common Practices
Clear-text protocols. Main danger: password sniffing.
Outdated software. Main danger: well-known exploits allow hackers to intrude into your system.
Sleepy system administrators. Main danger: intrusions are not detected once they have occurred.
Too liberally configured systems. Main danger: intruders may use many approach routes; serious system management becomes too time-consuming.
Weak passwords. Main danger: intruders gain access through guessed or probed passwords.
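The "sleepy administrator" and "weak password" dangers above are visible in the authentication log long before an intruder succeeds. As an added example that is not part of the slides, the Python below parses constructed sshd log lines and flags any source address that accumulates five failed passwords within one minute, listing the usernames it tried; the log lines, host name, addresses and threshold are all invented for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of sshd lines in classic syslog format (not a real log).
# This format carries no year, so parse_failures() assumes one.
SAMPLE_LOG = """\
Oct 14 13:46:01 pc-128 sshd[2231]: Failed password for root from 203.0.113.7 port 51022 ssh2
Oct 14 13:46:03 pc-128 sshd[2233]: Failed password for invalid user admin from 203.0.113.7 port 51025 ssh2
Oct 14 13:46:04 pc-128 sshd[2235]: Failed password for invalid user oracle from 203.0.113.7 port 51031 ssh2
Oct 14 13:46:06 pc-128 sshd[2237]: Failed password for root from 203.0.113.7 port 51040 ssh2
Oct 14 13:46:07 pc-128 sshd[2239]: Failed password for invalid user test from 203.0.113.7 port 51044 ssh2
Oct 14 13:46:09 pc-128 sshd[2241]: Failed password for root from 203.0.113.7 port 51050 ssh2
Oct 14 13:47:30 pc-128 sshd[2250]: Accepted publickey for frank from 129.125.3.252 port 40112 ssh2
Oct 14 13:52:11 pc-128 sshd[2260]: Failed password for frank from 129.125.3.252 port 40130 ssh2
Oct 14 13:52:20 pc-128 sshd[2262]: Accepted password for frank from 129.125.3.252 port 40131 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failures(log_text, year=2013):
    """Return a list of (timestamp, user, source_ip) for every failed-password line."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["user"], m["ip"]))
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Map each offending source IP to {"failures": total, "users": sorted names}.

    An IP offends when at least `threshold` failures fall inside some sliding
    window of length `window`; a single mistyped password never triggers it."""
    by_ip = defaultdict(list)
    for ts, user, ip in events:
        by_ip[ip].append((ts, user))
    alerts = {}
    for ip, attempts in by_ip.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            # advance the window start until it spans at most `window` of time
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts[ip] = {
                    "failures": len(attempts),
                    "users": sorted({u for _, u in attempts}),
                }
                break
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(parse_failures(SAMPLE_LOG)).items():
        print(f"{ip}: {info['failures']} failures, users tried: {', '.join(info['users'])}")
```

The list of usernames per source separates a brute-force attempt on one account from a sweep over many, which is the difference between "lock the account" and "block the source" as a response.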
Clear Text Protocols
Internet traffic uses routes:
```
traceroute to 221.117.40.249 (221.117.40.249)
 1  129.125.3.252
 2  Gi11-0.AR5.Groningen1.surf.net
 3  PO6-0.CR2.Amsterdam1.surf.net
 4  PO1-0.CR1.Amsterdam1.surf.net
 5  P0-0.BR1.Amsterdam1.surf.net
 6  ge-2-1-0.ar1.AMS1.gblx.net
 7  so4-0-0-2488M.cr2.AMS2.gblx.net
 8  pos1-0-2488M.cr2.WDC2.gblx.net
 9  so5-1-0-2488M.ar1.DCA3.gblx.net
10  208.51.6.34
11  p16-0-1-2.r20.plalca01.us.bb.verio.net
12  xe-0-2-0.r21.plalca01.us.bb.verio.net
13  p64-0-0-0.r21.mlpsca01.us.bb.verio.net
14  p16-6-0-0.r80.mlpsca01.us.bb.verio.net
15  p16-0-2-0.r20.tokyjp01.jp.bb.verio.net
16  xe-1-0-0.a21.tokyjp01.jp.ra.verio.net
17  61.213.161.90
18  61.122.114.93
19  61.122.113.6
20  usen-221x112x21x130.ap-US01.usen.ad.jp
21  usen-221x117x40x249.ap-US01.usen.ad.jp
```
Clear Text Protocols
Information is often sent using clear text:
e-mail
WWW
telnet
File sharing (smb)
RPC
Hackers may intercept this information anywhere along the route using sniffers.
Clear Text Protocols
Hackers may intercept this information anywhere along the route using sniffers.
Hackers use tools to read the information:
```
ICCE Hexadecimal Byte Dump Utility. Version 1.20. Copyright ICCE (c), 1989 - 1996. All rights reserved.
00000000: D4 C3 B2 A1 02 00 04 00 00 00 00 00 00 00 00 00  ................
00000010: DC 05 00 00 01 00 00 00 2B A6 1F 40 A2 6E 0A 00  ........+..@.n..
00000020: 3C 00 00 00 3C 00 00 00 FF FF FF FF FF FF 00 07  <...<...........
00000030: E9 D9 4E DF 00 2C E0 E0 03 FF FF 00 28 00 01 00  ..N..,......(...
00000040: 10 80 22 FF FF FF FF FF FF 04 53 00 10 80 22 00  ..".......S...".
00000050: 07 E9 D9 4E DF 04 53 00 02 9A AA 78 25 00 02 00  ...N..S....x%...
```
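The hex dump above is the beginning of a capture file: the magic bytes D4 C3 B2 A1 identify the classic libpcap format, followed by the rest of the 24-byte file header and then one 16-byte record header per captured packet. As an added example that is not part of the slides, the Python below transcribes those 96 bytes and decodes the file header, the first record header and the Ethernet header of the captured frame, which is what a sniffer gives anyone sitting on the route. It also handles the capture being cut short, since the dump shows only 56 of the record's 60 bytes; the field names are the usual libpcap ones, and the byte string is a transcription made for this example.

```python
import struct

# The 96 bytes of the hex dump above, transcribed for this example.
DUMP_HEX = (
    "D4C3B2A1 02000400 00000000 00000000"
    "DC050000 01000000 2BA61F40 A26E0A00"
    "3C000000 3C000000 FFFFFFFF FFFF0007"
    "E9D94EDF 002CE0E0 03FFFF00 28000100"
    "108022FF FFFFFFFF FF045300 10802200"
    "07E9D94E DF045300 029AAA78 25000200"
)
DUMP = bytes.fromhex(DUMP_HEX.replace(" ", ""))

PCAP_MAGIC = 0xA1B2C3D4      # appears as D4 C3 B2 A1 when written little-endian
LINKTYPE_ETHERNET = 1


def parse_global_header(data):
    """Decode the 24-byte pcap file header and determine the writer's byte order."""
    if len(data) < 24:
        raise ValueError("capture shorter than a pcap global header")
    if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC:
        endian = "<"
    elif struct.unpack(">I", data[:4])[0] == PCAP_MAGIC:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file: bad magic %s" % data[:4].hex())
    major, minor, _thiszone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    return {"endian": endian, "version": (major, minor),
            "snaplen": snaplen, "linktype": linktype}


def parse_records(data, endian):
    """Yield one dict per packet record. A record cut off by the end of the
    file is reported with 'truncated': True instead of being silently dropped."""
    offset = 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        payload = data[offset + 16:offset + 16 + incl_len]
        yield {"ts_sec": ts_sec, "ts_usec": ts_usec, "incl_len": incl_len,
               "orig_len": orig_len, "payload": payload,
               "truncated": len(payload) < incl_len}
        offset += 16 + incl_len


def _mac(raw):
    return ":".join("%02x" % b for b in raw)


def parse_ethernet(frame):
    """Split an Ethernet frame into MAC addresses and the type/length field.
    Values up to 1500 are an IEEE 802.3 length field (LLC header follows, as
    in the dump above); larger values are an EtherType such as 0x0800 for IP."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, type_len = struct.unpack("!6s6sH", frame[:14])
    return {"dst": _mac(dst), "src": _mac(src), "type_len": type_len,
            "is_8023_length": type_len <= 1500, "broadcast": dst == b"\xff" * 6}


def summarize(data):
    """Return (file header, records, decoded Ethernet headers) for a capture."""
    hdr = parse_global_header(data)
    records = list(parse_records(data, hdr["endian"]))
    frames = []
    if hdr["linktype"] == LINKTYPE_ETHERNET:
        frames = [parse_ethernet(r["payload"]) for r in records]
    return hdr, records, frames


if __name__ == "__main__":
    hdr, records, frames = summarize(DUMP)
    print("pcap version %d.%d, snaplen %d, linktype %d" % (*hdr["version"], hdr["snaplen"], hdr["linktype"]))
    for rec, eth in zip(records, frames):
        print("record: ts=%d.%06d len=%d truncated=%s" % (rec["ts_sec"], rec["ts_usec"], rec["incl_len"], rec["truncated"]))
        print("ethernet: %s -> %s type/len=0x%04x" % (eth["src"], eth["dst"], eth["type_len"]))
```

The frame turns out to be a broadcast (destination ff:ff:ff:ff:ff:ff) with a length field of 44 rather than an EtherType, so whatever follows is an 802.2/LLC payload; that is exactly the kind of detail a sniffer exposes to anyone on the path, and why the slides insist on encrypting the content rather than trusting the route.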
Clear Text Protocols
The hacker now looks for something promising, like e-mail...
Next, the hacker retrieves the whole e-mail text...
Clear Text Protocols
How clear-text is e-mail anyway? Mail Transfer Agents (MTAs) often use TLS (Transport Layer Security).
When encryption is used, the information is unreadable: intercepting e-mail between MTAs that use TLS results in illegible stream contents.
Abusing Clear Text Protocols
TLS in the Open Systems Interconnection (OSI) model:
An Aside: the OSI model
Examples of the OSI layers:
7 Application: SSH, DHCP, HTTP, DNS, LDAP, SMTP
6 Presentation: encryption, serialization
5 Session: authorization, authentication, restoration
4 Transport: end-to-end, TCP, UDP
3 Network: Internet address (IP), routing
2 Data Link: Ethernet, MAC, error correction
1 Physical: cables and signal transmission
Clear Text Protocols?
Countermeasures
Countermeasures against clear-text communication:
TLS is nice, but verifiability is better.
Clear-text storage of sensitive information is suboptimal.
GPG/PGP solves both the verifiability and the sensitivity problems.
In general: clear-text transport and storage of sensitive information should be avoided and/or prohibited.
Defenses: Don't Use Clear Text
Unreadable for the man in the middle: example of intercepted SSH communication.
Countermeasures
Encryption: encryption is used for TLS, SSL, and thus SMTP, SSH, HTTPS, SFTP, ...
Generally: all those `S' protocols, and PGP/GPG.
All are using a Public Key Infrastructure (PKI).
Countermeasures
Problem: the man-in-the-middle (MIM). The MIM acts as the Recipient for the Sender, and as the Sender for the Recipient.
Diagram labels: clear text; MIM's private/public keys.
Countermeasures
Solving the MIM-problem (1): Sender and Recipient verify their identities and exchange the identifications of their public keys (the key's fingerprint).
Solving the MIM-problem (2): use a trusted third party to verify the other party's identity.
Countermeasures
What is a fingerprint? A cryptographically strong hash value of an electronic document (like a public key).
How to verify an ssh host's certificate? A host's ssh key is usually found here: /etc/ssh/ssh_host_rsa_key. To compute its fingerprint:
```
ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
```
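The fingerprint check above, and the MIM defense of the two preceding slides, as an added example that is not part of the slides: the Python below builds an OpenSSH-style public-key line from a made-up Ed25519 public value (it is not a real key and the comment and host names are invented), computes the SHA256 and MD5 fingerprints in the two formats `ssh-keygen -l` prints, and compares a key presented by a remote host against a fingerprint obtained out of band. Only that out-of-band comparison tells a genuine host apart from a man in the middle who presents his own key.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(b):
    """Encode bytes as an SSH 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack("!I", len(b)) + b


def make_key_line(point, comment):
    """Build an OpenSSH public-key line 'ssh-ed25519 <base64 blob> <comment>'.
    The blob is what ssh-keygen hashes to produce the fingerprint."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(point)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment


# Constructed example host key: a made-up 32-byte value, NOT a real Ed25519 key.
HOST_KEY_LINE = make_key_line(bytes(range(32)), "example-host")


def parse_pubkey_line(line):
    """Return (key type, raw blob), rejecting a line whose text type disagrees
    with the type embedded in the blob (a cheap sanity check on tampering)."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("not an OpenSSH public key line")
    key_type, blob = parts[0], base64.b64decode(parts[1])
    (n,) = struct.unpack("!I", blob[:4])
    blob_type = blob[4:4 + n].decode()
    if blob_type != key_type:
        raise ValueError(f"key type mismatch: {key_type} vs {blob_type}")
    return key_type, blob


def fingerprint(line, algo="sha256"):
    """Fingerprint as printed by ssh-keygen -l: 'SHA256:' + unpadded base64 of the
    SHA-256 digest, or (ssh-keygen -l -E md5) 'MD5:' + colon-separated hex."""
    _, blob = parse_pubkey_line(line)
    if algo == "sha256":
        digest = hashlib.sha256(blob).digest()
        return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    if algo == "md5":
        hexdigest = hashlib.md5(blob).hexdigest()
        return "MD5:" + ":".join(hexdigest[i:i + 2] for i in range(0, 32, 2))
    raise ValueError("unsupported fingerprint algorithm")


def verify_presented_key(presented_line, expected_fingerprint):
    """The client-side check: the host presents a key, the expected fingerprint was
    obtained out of band (in person, by phone, or from a trusted third party).
    False means the presented key is not the one agreed upon: possibly a MIM."""
    actual = fingerprint(presented_line)
    return hmac.compare_digest(actual.encode(), expected_fingerprint.encode())


if __name__ == "__main__":
    agreed = fingerprint(HOST_KEY_LINE)
    print("agreed fingerprint:", agreed)
    print("genuine host accepted:", verify_presented_key(HOST_KEY_LINE, agreed))
    mim = make_key_line(bytes(32), "mim-host")   # the interceptor's own key
    print("interceptor accepted:", verify_presented_key(mim, agreed))
```

The same comparison is what an SSH client performs against its known_hosts file; the value of a fingerprint lies entirely in where the expected one came from, which is why slide (1) has the parties exchange it directly and slide (2) delegates that to a trusted third party.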
Countermeasures
Encryption: use encryption when transporting sensitive data (e.g., https, secure http).
Encryption: inspect and verify the certificate.
PGP/GPG
Encryption using a Public Key Infrastructure (PKI):
Widely known public key
Privately kept private (or secret) key
Passphrase to use the private key
Software is free
No known practically feasible way to subvert
Facilities:
Encrypt your own sensitive data
Ensure the authenticity of a sender (maybe yourself to somebody else)
Ensure that nobody but the intended sender is able to read confidential information
GPG/PGP: Pretty Good Privacy / GNU Privacy Guard
Buggy Software
Software often contains (serious) bugs: http://cve.mitre.org/cve/cve.html
Update Software
Most problems are caused by a bad security mentality: indifference, lack of knowledge.
Irrespective of those serious psychological defects, hackers try to exploit (not so) well-known weaknesses in software.
But ... how do you know the update itself is not distributed by the hacker? Use signatures!
Frank B. Brokken, Computing Center, University of Groningen, (+31) 50 363 9281. Public PGP key: http://pgp.surfnet.nl:11371. Key fingerprint: DF32 13DE B156 7732 E65E 3B4D 7DB2 A8BE EAE4 D8AA
Weak Passwords
Password files may often be grabbed: by local users; using XSS and friends, e.g., web forms.
Using brute-force password cracking, dictionary attacks, or rainbow tables the hacker searches until a match is found. Various tools for password cracking exist (e.g. john).
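Why a grabbed password file matters, and what takes the rainbow table out of play: as an added example that is not part of the slides, the Python below contrasts an unsalted fast hash, which a precomputed table recovers by a single lookup, with a random per-user salt plus a slow key derivation (PBKDF2-HMAC-SHA256), which never matches such a table and forces the attacker to work one user at a time. The wordlist and the storage format are constructed for the illustration.

```python
import hashlib
import hmac
import os

# Constructed mini wordlist standing in for a dictionary or rainbow table.
WORDLIST = ["123456", "password", "qwerty", "letmein", "groningen"]


def unsalted_hash(password):
    """The weak scheme: one fast, unsalted hash (MD5 here) per password."""
    return hashlib.md5(password.encode()).hexdigest()


def build_lookup_table(words):
    """Precompute hash -> word once. Against an unsalted password file the
    table answers every query instantly; that is the idea of a rainbow table."""
    return {unsalted_hash(w): w for w in words}


def crackable_with_table(stored_value, table):
    """Return the recovered word if the stored value is a bare hash present in
    the precomputed table, else None. Salted values never match the table."""
    return table.get(stored_value)


def hash_password(password, iterations=200_000, salt=None):
    """The stronger scheme: 16 random salt bytes and PBKDF2-HMAC-SHA256.
    Stored as 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>' (format
    chosen for this example) so the verifier can recover its own parameters."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Recompute the derivation with the stored salt and iteration count and
    compare in constant time."""
    algo, iterations, salt_hex, hash_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unknown password hashing scheme")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), hash_hex)


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    weak = unsalted_hash("letmein")
    print("unsalted hash found in table:", crackable_with_table(weak, table))
    strong = hash_password("letmein")
    print("salted PBKDF2 found in table:", crackable_with_table(strong, table))
    print("verify correct password:", verify_password("letmein", strong))
    print("verify wrong password:", verify_password("letmeout", strong))
```

The salt makes every user's stored value unique even when two users chose the same password, and the iteration count turns each guess into hundreds of thousands of hash computations; neither stops a user from choosing "letmein", which is why the slide's advice against weak passwords still stands.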
Liberally Configured Systems
IP addresses, cf. street and house numbers (129.125.xxx.yyy).
Ports, cf. rooms inside a hotel.
Services are often found at standard ports: 25: smtp (e-mail); 80: http (www); 137/138: Windows RPC.
Liberally Configured Systems
Services are often found at standard ports: the hacker scans the (well-known) ports, then exploits well-known weaknesses:
```
Starting nmap V. 5.00 ( http://nmap.org ) at 2010-10-14 13:46 CEST
Interesting ports on pc-128.rc.rug.nl (129.125.3.143):
(The 1552 ports scanned but not shown below are in state: closed)
Port       State       Service
135/tcp    open        loc-srv
139/tcp    open        netbios-ssn
Remote ope
Running (JUST GUESSING) : Microsoft Windows XP|2000|2003 (95%)
Nmap run completed -- 1 IP address (1 host up) scanned in 2 seconds
```
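A liberally configured system offers more approach routes than anyone intended, and the administrator should find them before a scan like the one above does. As an added example that is not part of the slides, the Python below reads constructed output in the shape of `ss -ltn` on Linux for a hypothetical host and reports every listening port reachable from the network that is not on an explicit allowlist; the sample output, the host and the allowlist are assumptions made for the illustration.

```python
import re
from ipaddress import ip_address

# Constructed listing in the shape of `ss -ltn` for a hypothetical host.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       100     127.0.0.1:25         0.0.0.0:*
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*
LISTEN  0       50      0.0.0.0:139          0.0.0.0:*
LISTEN  0       128     [::]:22              [::]:*
LISTEN  0       50      0.0.0.0:5432         0.0.0.0:*
"""

# Hypothetical policy: what this host is supposed to offer to the network.
# Anything else listening on a non-loopback address is an unintended route in.
ALLOWED_PORTS = {22: "ssh", 80: "http"}

LINE_RE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+")


def parse_listeners(ss_output):
    """Return [(address, port)] for every LISTEN line; '*' and '[::]' are
    normalised to the wildcard addresses they stand for."""
    listeners = []
    for line in ss_output.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header and non-LISTEN lines
        addr = m["addr"].strip("[]")
        if addr == "*":
            addr = "0.0.0.0"
        listeners.append((addr, int(m["port"])))
    return listeners


def is_loopback(addr):
    """True for 127.0.0.0/8 and ::1; a service bound there is not reachable
    from the network, so it is not an approach route for an intruder."""
    try:
        return ip_address(addr).is_loopback
    except ValueError:
        return False


def find_exposed(listeners, allowed=ALLOWED_PORTS):
    """Network-reachable listening ports that the policy does not allow."""
    return sorted({(addr, port) for addr, port in listeners
                   if not is_loopback(addr) and port not in allowed})


if __name__ == "__main__":
    for addr, port in find_exposed(parse_listeners(SAMPLE_SS_OUTPUT)):
        print(f"unexpected service reachable from the network: {addr}:{port}")
```

In the constructed listing the mail daemon on 127.0.0.1:25 is fine, while ports 139 and 5432 bound to 0.0.0.0 are the two extra rooms in the hotel; each should either be firewalled, bound to loopback, or added to the allowlist on purpose.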
Countermeasures
Virtual Machines: VMWare, VirtualBox. Widely known and a great way to nest operating systems in your computer.
But there is more than merely virtual machines: disposable VMs. Be sure to follow up on Joanna Rutkowska's Invisible Things Lab and the Qubes OS: http://invisiblethingslab.com/itl/Welcome.html
ICT Security
Day 2: Hardening the local system
Basic principles behind `System Hardening'
Deploying a File Integrity Scanner (Stealth)
Focus on Security: General Principles
dr. Frank B. Brokken
Center of Information Technology, University of Groningen
2013