python-FIT1047

Workshop 11: Network Security
FIT1047 Introduction to computer systems, networks and security
ABM Russel, Guido Tack, Carsten Rudolph

Learning Outcomes
At the end of this workshop, you will:
● Describe key establishment mechanisms and transport layer security protocols
● Discuss the use of firewalls and VPNs in different network scenarios
● Understand how large and small organisations can use security controls to provide perimeter protection for their networks
● Identify the use of security protocols in network traffic

Assignment 3
In part 1, students record data from real-world wireless networks and demonstrate that they can analyse it, identify its properties and potential issues. In part 2, students analyse Internet traffic and identify the addresses, servers, clients and protocols used.
● WLAN Network Design and Security (35 marks)
  o Survey (15 marks)
  o Report (20 marks)
● Internet Traffic Analysis (25 marks)

ACTIVITY 1A: Firewall

What is a firewall in computer networks?
● A firewall in general is a barrier.
● In computer networks it is a barrier between a (more secure) internal network and a (less secure) outside network, e.g. the Internet.
● Without it, devices are visible and accessible from the outside. If they are vulnerable, they can be attacked and compromised.
● A network firewall filters traffic; it does not block all traffic.
● Security rules define what can get through and what is blocked, in both directions (inbound and outbound).

Packet filtering
● Basic form of firewall
● Filters packets at the network layer (and the transport layer above it)
● Filters based on source and destination IP addresses, protocol IDs, ports and, if the filter is stateful, the current stage of a connection
● Static filtering rule set
● Standard security mechanism

Activity 1 Part A: 10 mins
● Work in a small group
● Discuss some advantages and disadvantages of packet filtering firewalls

Packet firewalls in the real world
● A list of port numbers is given in FLUX.
● Research and share which port needs to be open in which situation
To participate, go to: https://flux.qa/ and use the workshop-specific join code available in Moodle.

ACTIVITY 1B: Intrusion detection and prevention

IDS and IPS
● IDS: Intrusion Detection System
  o Monitors network and/or system activities
  o Alerts when potentially malicious activity is found
  o Logs information about activities
● IPS: Intrusion Prevention System
  o An IDS with additional active functionality
  o Attempts to block or stop malicious activities

How do IDS/IPSs work?
● IDS/IPS use signature-based detection and/or anomaly-based detection.
● Signature-based detection is fast, generates fewer false positives and does not need a learning phase, but it only finds attacks whose signature is already known.
● Anomaly-based detection can detect previously unknown attacks, at the cost of a learning phase and more false positives.

Next-generation firewalls (NGF)
● Promise an integrated security approach
● Act as a proxy for all traffic (even encrypted traffic)
● In principle, powerful security tools
● Look at applications, logical segments, roles, services, users, etc.

Potential NGF problems
● Policy rules get too complex
● Proxying TLS etc. breaks end-to-end security: the proxy is a single point of attack with full access to the decrypted data
● Encryption inside the tunnel (encapsulated encryption) is still possible, so the proxy cannot inspect everything
● Privacy issues
● Unable to detect new (disguised) malware
● Example: TLS proxy behaviour measured in 2017 (Zakir Durumeric et al., The Security Impact of HTTPS Interception, NDSS 2017)

Activity 1 Part B: 20 mins
● Work in a small group
● Discuss whether it is a good idea to have several firewalls. What is a DMZ?
● Sketch a small company network and discuss where the firewalls, the web server, the mail server and the database server for administration and finance go.
To participate, go to: https://flux.qa/ and use the workshop-specific join code available in Moodle.

Break: 10 mins

ACTIVITY 2A: Passwords

Access control
A central question in cyber security is who (persons, processes, devices, etc.) has access to which resources in the system.
Resources: reading files, executing programs, changing database content, sharing data with others, printing, using a camera or microphone, etc.
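Worked example for Activity 1A above. This is an added illustration, not code from the FIT1047 workshop: a toy packet filter that applies a static rule set (source/destination address, protocol, destination port) with first-match-wins and default deny, and, in stateful mode, also remembers connections opened from the inside so that their replies are let back in without a broad inbound rule. The internal network 10.0.0.0/24, the rules and the six packets are constructed for the demonstration; the packet on port 443 with no matching flow shows the spoofed "reply" a stateless filter would have to let through if it allowed inbound traffic from source port 443.

```python
"""Toy stateful packet filter illustrating the rule-based filtering from
Activity 1A. Added example, not FIT1047 course code; addresses, rules and
packets below are constructed for the demonstration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

INTERNAL = ip_network("10.0.0.0/24")  # assumed internal network (constructed)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str  # "tcp" or "udp"

    def direction(self) -> str:
        """'out' for packets leaving the internal network, 'in' for packets entering it."""
        return "out" if ip_address(self.src) in INTERNAL else "in"

    def reverse(self) -> "Packet":
        """The 5-tuple a reply to this packet would carry."""
        return Packet(self.dst, self.dport, self.src, self.sport, self.proto)


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    direction: str               # "in" or "out"
    proto: Optional[str] = None  # None matches any protocol
    src: Optional[str] = None    # CIDR prefix, None matches any address
    dst: Optional[str] = None
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (self.direction == pkt.direction()
                and (self.proto is None or self.proto == pkt.proto)
                and (self.src is None or ip_address(pkt.src) in ip_network(self.src))
                and (self.dst is None or ip_address(pkt.dst) in ip_network(self.dst))
                and (self.dport is None or self.dport == pkt.dport))


class PacketFilter:
    def __init__(self, rules: List[Rule], stateful: bool = True):
        self.rules = rules
        self.stateful = stateful
        self.flows = set()  # connections opened from inside (stateful mode only)

    def decide(self, pkt: Packet) -> str:
        # Stateful filter: a packet that answers a connection opened from the
        # inside is allowed without an explicit inbound rule.
        if self.stateful and pkt.direction() == "in" and pkt.reverse() in self.flows:
            return "allow"
        for rule in self.rules:  # first matching rule wins
            if rule.matches(pkt):
                if rule.action == "allow" and pkt.direction() == "out":
                    self.flows.add(pkt)  # remember the flow so replies get back in
                return rule.action
        return "deny"  # default deny: anything not explicitly allowed is dropped


# Constructed rule set: clients may browse (HTTPS) and resolve names (DNS);
# the outside may reach only the web server on port 80.
RULES = [
    Rule("allow", "out", proto="tcp", dport=443),
    Rule("allow", "out", proto="udp", dport=53),
    Rule("allow", "in", proto="tcp", dst="10.0.0.80/32", dport=80),
]

# Constructed packets, in the order they arrive at the firewall.
PACKETS = [
    Packet("10.0.0.5", 51000, "93.184.216.34", 443, "tcp"),  # client opens HTTPS
    Packet("93.184.216.34", 443, "10.0.0.5", 51000, "tcp"),  # server's reply
    Packet("203.0.113.7", 40000, "10.0.0.5", 22, "tcp"),     # outside SSH attempt
    Packet("203.0.113.7", 40001, "10.0.0.80", 80, "tcp"),    # visitor to web server
    Packet("10.0.0.5", 51001, "198.51.100.9", 23, "tcp"),    # outbound telnet
    Packet("203.0.113.7", 443, "10.0.0.5", 51002, "tcp"),    # forged "reply", no open flow
]


def filter_trace(stateful: bool = True) -> List[str]:
    """Run the constructed packets through the rule set and return the verdicts."""
    fw = PacketFilter(RULES, stateful=stateful)
    return [fw.decide(p) for p in PACKETS]


if __name__ == "__main__":
    for p, verdict in zip(PACKETS, filter_trace()):
        print(f"{verdict:5} {p.proto} {p.src}:{p.sport} -> {p.dst}:{p.dport}")
```

Running `filter_trace(stateful=False)` with the same rules drops the legitimate HTTPS reply (packet 2): a stateless filter can only let it through with an inbound rule keyed on source port 443, which would also admit the forged packet 6. That trade-off is exactly what the "current stage of a connection" criterion on the slides buys.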
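Worked example for Activity 1B above, contrasting the two detection approaches on the slides. This is an added illustration, not code from the FIT1047 workshop: a signature-based detector that matches known attack strings against each request, and a rate-based anomaly detector that must first learn normal per-client request counts before it can flag anything. The access-log lines, the three signatures and the threshold rule (mean plus three standard deviations) are constructed for the demonstration.

```python
"""Signature-based versus anomaly-based detection over a constructed web
access log, illustrating Activity 1B. Added example, not FIT1047 course
code; log lines and detection rules are made up for the demonstration."""
import re
import statistics
from collections import Counter
from typing import List, Tuple
from urllib.parse import unquote

# Constructed log format: "<client ip> <method> <path> <status>".
# Learning-phase traffic: ordinary browsing from a few clients.
BASELINE_LOG = """\
10.0.0.11 GET /index.html 200
10.0.0.11 GET /about.html 200
10.0.0.11 GET /img/logo.png 200
10.0.0.12 GET /index.html 200
10.0.0.12 GET /products.html 200
10.0.0.12 GET /products/1 200
10.0.0.12 GET /img/logo.png 200
10.0.0.13 GET /index.html 200
10.0.0.13 GET /contact.html 200
10.0.0.13 GET /img/logo.png 200
10.0.0.14 GET /index.html 200
10.0.0.14 GET /products/2 200
10.0.0.14 GET /products/3 200
10.0.0.14 GET /img/logo.png 200
""".splitlines()

# Traffic to inspect: a normal client, a known attack pattern at low volume
# (URL-encoded to hide it), and a scanner that uses no known attack string.
LIVE_LOG = """\
10.0.0.12 GET /index.html 200
10.0.0.12 GET /products/4 200
203.0.113.7 GET /download?file=..%2F..%2Fetc%2Fpasswd 403
203.0.113.7 GET /login?user=admin'%20OR%201=1-- 500
198.51.100.9 GET /admin 404
198.51.100.9 GET /backup 404
198.51.100.9 GET /.git/config 404
198.51.100.9 GET /wp-login.php 404
198.51.100.9 GET /phpmyadmin 404
198.51.100.9 GET /config.php 404
198.51.100.9 GET /.env 404
""".splitlines()

# Signatures: known attack strings. Matching is done on the URL-decoded path,
# otherwise "..%2F" would slip past a signature written as "../".
SIGNATURES = {
    "path traversal": re.compile(r"\.\./"),
    "sql injection": re.compile(r"'\s*or\s+1\s*=\s*1", re.IGNORECASE),
    "sensitive file": re.compile(r"/etc/passwd"),
}


def parse(line: str) -> Tuple[str, str, str, int]:
    src, method, path, status = line.split()
    return src, method, unquote(path), int(status)


def signature_alerts(log: List[str]) -> List[Tuple[str, str]]:
    """Fast, no learning phase: flag every request that contains a known signature."""
    alerts = []
    for line in log:
        src, _, path, _ = parse(line)
        for name, pattern in SIGNATURES.items():
            if pattern.search(path):
                alerts.append((src, name))
    return alerts


class RateAnomalyDetector:
    """Flags clients whose request count is far above what was seen while learning."""

    def __init__(self, k: float = 3.0):
        self.k = k               # how many standard deviations count as "anomalous"
        self.threshold = None    # unset until learn() has run

    def learn(self, log: List[str]) -> float:
        per_client = Counter(parse(line)[0] for line in log).values()
        self.threshold = statistics.mean(per_client) + self.k * statistics.pstdev(per_client)
        return self.threshold

    def detect(self, log: List[str]) -> List[str]:
        if self.threshold is None:
            raise RuntimeError("anomaly detector needs a learning phase before use")
        per_client = Counter(parse(line)[0] for line in log)
        return sorted(src for src, n in per_client.items() if n > self.threshold)


if __name__ == "__main__":
    print("signature alerts:", signature_alerts(LIVE_LOG))
    detector = RateAnomalyDetector()
    print("learned threshold:", detector.learn(BASELINE_LOG))
    print("anomalous clients:", detector.detect(LIVE_LOG))
```

The two detectors flag different clients: the signatures catch 203.0.113.7 from its two requests alone but say nothing about 198.51.100.9, whose probing uses no known string; the anomaly detector catches the scanner by volume but is blind to the low-volume injection attempts, and refuses to run at all until it has seen baseline traffic.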
First step: authenticate a person
● Identify at login: who can use the computer, application, etc.
● Authenticate particular transactions: for critical transactions, we might need to check again

Parameters
How can we link "identities" to authentication mechanisms? Different factors:
● something you know (password, PIN)
● something you have (phone, hardware token)
● others (location, biometrics such as a fingerprint, etc.)
Passwords are still the most common mechanism!

Multi-factor authentication
● Combines different ways of authentication
● Example: Monash login with a password plus an authentication app or hardware token
● It is strongly recommended not to rely on a single factor for everything that matters!

Authentication of transactions
● E.g. for money transfers in banking
● Classic Transaction Authentication Numbers (TANs) are usually not linked to a specific transaction
● SMS TANs can include information about the transaction and are a second factor. However, SMS text messages are not particularly secure and phone numbers can be stolen (SIM swap)
● A TAN generator reads a barcode from the screen and generates a TAN linked to that specific transaction, but is not very usable

Passwords in a computer

Activity 2 Part A: 10 mins
● Work in a small group
● Discuss MFA. Compare the use of Okta with the use of Facebook/Google accounts for services on the Internet.
● Find and share some real-world weak / compromised passwords (that are not to be used)
To participate, go to: https://flux.qa/ and use the workshop-specific join code available in Moodle.

ACTIVITY 2B: Access control in larger networks

What are access rights?
● What users are allowed to do: read, write/change, execute, in many different variants
● Can be based on groups of users or on attributes/roles, e.g. "all Monash students are allowed to access this website"
● One way to do this is to define Access Control Lists (ACLs), which list who (individual user, role, set of attributes) is allowed to do what.
● ACLs don't scale well.
● Imagine a company with 1000 staff and 200 applications: one entry per user and application already means 200,000 entries that need to be maintained across the network.
● How can we make access control manageable and usable?

Ticket or token-based access control
● A central server checks authenticity and issues tickets.
● A ticket contains identity information and can also restrict capabilities (i.e. what the user is allowed to do).
● Examples: Kerberos, Microsoft Active Directory (whose domain authentication is built on Kerberos)

Kerberos (idealised abstraction)

Single sign-on
● Just log in once and access many services (e.g. at Monash University)
● Very convenient, high usability
● Single point of failure: needs a secure implementation and a high level of control
● Is usually one of the first targets for network intruders

Activity 2 Part B: 20 mins
● Work in a small group
● Discuss how access control could be circumvented
● Find and share a list of threats to computers, networks and Internet of Things devices
To participate, go to: https://flux.qa/ and use the workshop-specific join code available in Moodle.

See you next week!
Before next week's workshop: weekly videos and readings
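Worked example for the ticket-based access control slides in Activity 2B above. This is an added illustration in the spirit of the slides' idealised Kerberos abstraction, not code from the FIT1047 workshop and not Kerberos itself: one central server authenticates the user and issues a ticket carrying identity and capabilities, authenticated with an HMAC under a key shared only with the target service, and each service checks tickets locally without touching the user database. The user, roles, keys, lifetimes and the `tamper` helper (what an attacker without the service key can do to a ticket) are constructed for the demonstration.

```python
"""Idealised ticket-based access control in the spirit of the Kerberos
abstraction from Activity 2B: one central server authenticates users and
issues tickets, each service verifies tickets with its own key. Added
example, not FIT1047 course code; users, keys and roles are constructed."""
import base64
import hashlib
import hmac
import json
import time
from typing import Callable, Tuple

# Constructed secrets. In a real deployment the ticket server and each
# service share these keys out of band; users never see them.
SERVICE_KEYS = {"fileserver": b"fileserver-key-0001", "printer": b"printer-key-0001"}
USER_SECRETS = {"alice": "correct horse battery staple"}
USER_ROLES = {"alice": ["staff"]}
# Role-based rights replace one ACL entry per user and application.
ROLE_CAPS = {"staff": {"fileserver": ["read"], "printer": ["print"]}}


def _mac(key: bytes, body: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha256).digest()


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


class TicketServer:
    """Central server: checks the user's secret and issues a signed ticket."""

    def __init__(self, now: Callable[[], float] = time.time):
        self.now = now  # injectable clock so expiry can be demonstrated

    def issue(self, user: str, password: str, service: str, lifetime: int = 300) -> str:
        secret = USER_SECRETS.get(user, "")
        if not hmac.compare_digest(secret.encode(), password.encode()):
            raise PermissionError("authentication failed")
        caps = [c for role in USER_ROLES.get(user, [])
                for c in ROLE_CAPS.get(role, {}).get(service, [])]
        claims = {"user": user, "service": service, "caps": caps,
                  "exp": int(self.now()) + lifetime}
        body = json.dumps(claims, sort_keys=True).encode()
        # The ticket is bound to one service by the key used for the MAC.
        return _b64(body) + "." + _b64(_mac(SERVICE_KEYS[service], body))


class Service:
    """A service checks tickets locally; it never talks to the user database."""

    def __init__(self, name: str, now: Callable[[], float] = time.time):
        self.name = name
        self.key = SERVICE_KEYS[name]
        self.now = now

    def authorise(self, ticket: str, capability: str) -> Tuple[bool, str]:
        try:
            body_b64, tag_b64 = ticket.split(".")
            body = base64.urlsafe_b64decode(body_b64)
            tag = base64.urlsafe_b64decode(tag_b64)
        except ValueError:
            return False, "malformed ticket"
        # Check the MAC before trusting anything inside the ticket.
        if not hmac.compare_digest(_mac(self.key, body), tag):
            return False, "bad MAC"
        claims = json.loads(body)
        if claims["service"] != self.name:  # defence in depth if keys were ever shared
            return False, "wrong service"
        if self.now() > claims["exp"]:
            return False, "expired"
        if capability not in claims["caps"]:
            return False, "capability not granted"
        return True, f"{claims['user']} may {capability}"


def tamper(ticket: str, **changes) -> str:
    """What an attacker can do without the service key: edit the claims, keep the old MAC."""
    body_b64, tag_b64 = ticket.split(".")
    claims = json.loads(base64.urlsafe_b64decode(body_b64))
    claims.update(changes)
    return _b64(json.dumps(claims, sort_keys=True).encode()) + "." + tag_b64


if __name__ == "__main__":
    server = TicketServer()
    ticket = server.issue("alice", "correct horse battery staple", "fileserver")
    fs = Service("fileserver")
    print(fs.authorise(ticket, "read"))
    print(fs.authorise(ticket, "write"))
    print(fs.authorise(tamper(ticket, caps=["read", "write"]), "write"))
    print(Service("printer").authorise(ticket, "print"))
```

The checks are ordered deliberately: the MAC is verified before any claim is read, so a ticket whose capabilities were edited, or one issued for a different service, is rejected before its contents can influence anything. The expiry field limits how long a stolen ticket stays useful, and the single `TicketServer` is the single point of failure the single sign-on slide warns about: whoever controls it, or its keys, can mint tickets for every service.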