Chapter 5 Internet Security Overview
- Define various Internet security concepts
- Describe a Virtual Private Network and its functionality
- Describe suspicious activities detectable on a network
- Describe access security features used on Web servers
- Describe anti-virus software by purpose
- Describe security requirements for an Internet, Extranet and Intranet
Internet security basics
Access control is used to protect against unauthorized browsing or retrieval of information from a computer that is connected to a network. An Access Control List (ACL) is one method used by operating systems to prevent unauthorized access to system resources. An ACL is set up as a table containing name-permission pairs. Each entry in the list is called an Access Control Entry (ACE). Each ACE name-permission pair contains the name of the user or group and the permission assigned. The most common access rights include read, write and execute.
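The ACL described above, worked through as an added example (not code from the original notes): a table of ACEs, each naming a user or group and the rights it grants, with an explicit deny entry so a single group member can be carved out of a group grant. All user names, group names and the resource are constructed for illustration.

```python
"""Toy Access Control List: a table of Access Control Entries (ACEs).

Added example, not from the original study notes. User names, group names,
the resource and the permissions assigned are constructed for illustration.
"""
from dataclasses import dataclass, field

READ, WRITE, EXECUTE = "read", "write", "execute"
PERMISSIONS = frozenset({READ, WRITE, EXECUTE})


@dataclass(frozen=True)
class ACE:
    """One name-permission pair: who the entry names and what it grants (or denies)."""
    name: str                 # user or group name
    permissions: frozenset    # subset of PERMISSIONS
    allow: bool = True        # deny entries let an admin carve exceptions out of a group grant


@dataclass
class ACL:
    entries: list = field(default_factory=list)

    def is_allowed(self, user: str, groups: set, permission: str) -> bool:
        """Deny entries win over allow entries; no matching entry means no access."""
        if permission not in PERMISSIONS:
            raise ValueError(f"unknown permission: {permission}")
        principals = {user} | set(groups)
        matches = [e for e in self.entries
                   if e.name in principals and permission in e.permissions]
        if any(not e.allow for e in matches):
            return False
        return any(e.allow for e in matches)


# Constructed example: a report file readable by the "staff" group,
# writable by alice, with bob explicitly denied even though he is staff.
REPORT_ACL = ACL([
    ACE("staff", frozenset({READ})),
    ACE("alice", frozenset({READ, WRITE})),
    ACE("bob", frozenset({READ}), allow=False),
])

# Constructed group membership table (a real OS keeps this in its user database).
GROUPS = {"alice": {"staff"}, "bob": {"staff"}, "carol": {"staff"}, "dave": set()}


def check(user: str, permission: str, acl: ACL = REPORT_ACL) -> bool:
    """Resolve the user's groups and ask the ACL whether the access is permitted."""
    return acl.is_allowed(user, GROUPS.get(user, set()), permission)


if __name__ == "__main__":
    for user, perm in [("alice", WRITE), ("carol", READ), ("carol", WRITE),
                       ("bob", READ), ("dave", READ)]:
        print(f"{user:6} {perm:8} -> {'allowed' if check(user, perm) else 'denied'}")
```

The default of "no matching entry means denied" is the safe choice: a user who appears nowhere in the table gets nothing, and a deny entry overrides any grant the same user inherits through a group.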
A Firewall is a system designed to protect against unauthorized access to or from a private network, such as an intranet. Firewalls can be set up in software, hardware or a combination of both. Often the firewall computer is kept separate from the rest of the network so that no incoming requests can get directly at private network resources. All messages coming in or going out pass through the firewall, where they are checked for proper security authorization. Messages without proper clearance are blocked.
Firewall screening methods fall into two basic categories: packet filtering and proxy servers.
Packet filtering is a firewall method that enables each packet of data to be examined and processed selectively. The rules for filtering are based on packet header information, which includes the source and destination IP addresses and port information.
Packet filtering is implemented on network routers. A router is a device that connects two networks.
IP spoofing occurs when an intruder steals the IP address of a trusted host and uses it to impersonate, or pretend to be, that host. The intruder's packet falsely contains the source IP address of the inside system.
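The packet filtering and IP spoofing passages above, as one added example (not code from the original notes): a stateless filter that evaluates rules against the header fields the notes name (source and destination IP address, protocol, destination port), first match wins, and anything unmatched is dropped. The first rule is the usual anti-spoofing check on an Internet-facing interface: a packet arriving from outside that claims an inside source address is rejected. The address ranges, the rule set and the sample packets are constructed; a real router's rule syntax differs.

```python
"""Toy stateless packet filter driven by header fields, as a router would apply
to packets arriving on its Internet-facing interface.

Added example, not from the original study notes. Rules, addresses and sample
packets are constructed (RFC 5737 documentation ranges stand in for real ones).
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    protocol: str                 # "tcp", "udp" or "icmp"
    dst_port: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    src: str = "0.0.0.0/0"        # CIDR; default matches any source
    dst: str = "0.0.0.0/0"
    protocol: Optional[str] = None   # None matches any protocol
    dst_port: Optional[int] = None   # None matches any port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src_ip) in ip_network(self.src)
                and ip_address(pkt.dst_ip) in ip_network(self.dst)
                and (self.protocol is None or self.protocol == pkt.protocol)
                and (self.dst_port is None or self.dst_port == pkt.dst_port))


INSIDE = "192.0.2.0/24"   # constructed: the private LAN behind the router

RULES = [
    # Anti-spoofing: a packet from the Internet must never claim an inside source.
    Rule("deny", src=INSIDE),
    # The public web server is reachable from anywhere, but only on 80/tcp.
    Rule("allow", dst="192.0.2.10/32", protocol="tcp", dst_port=80),
    # Everything else inbound falls through to the default deny below.
]


def filter_packet(pkt: Packet, rules=RULES) -> str:
    """First matching rule decides; a packet that matches nothing is denied."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


if __name__ == "__main__":
    samples = [
        Packet("198.51.100.7", "192.0.2.10", "tcp", 80),   # normal web request
        Packet("198.51.100.7", "192.0.2.10", "tcp", 23),   # telnet to the web server
        Packet("192.0.2.5", "192.0.2.10", "tcp", 80),      # spoofed inside source
        Packet("198.51.100.7", "192.0.2.10", "icmp"),      # ping from outside
    ]
    for pkt in samples:
        print(pkt, "->", filter_packet(pkt))
```

Ordering matters: because the filter stops at the first match, the anti-spoofing deny has to sit above the allow for the web server, otherwise a spoofed packet aimed at port 80 would be let through.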
An intruder can also use a protocol analyzer or other device to intercept and decode packets sent to and from the server in order to find the account ID and password. This will only work if the password is sent in unencrypted form.
The main function of a proxy server is to safeguard local network IP addresses by keeping them hidden. Hiding a local IP address is done by replacing it with the proxy's address before the request reaches an outside system. When a proxy server is used, the only IP address ever seen by servers on the Internet is that of the proxy server.
Before sending the request to the Internet server, the proxy server does the following:
- checks to see if the requested page is already available in the system cache
- if not, removes the local IP address from the request
- adds one of its own IP addresses to the request
- sends the request to the Web server
- upon receipt of the requested Web page, forwards the response back to the local user either directly or through the local network firewall.
Authentication is the process of identifying users who are attempting to access a system to ensure they are who they claim to be. This is typically done using usernames and passwords, which are sent as clear text. It is more secure to require that password information be sent over Secure Sockets Layer (SSL), which uses public key encryption to secure the information.
Encryption uses a mathematical algorithm to convert data (plaintext) into an unintelligible form called cipher text. To perform this conversion, the algorithm uses the original data together with a unique numeric value called a key.
Decryption is the process of converting encrypted data back into its original form so it can be read and understood. This conversion requires the encrypted text together with a corresponding algorithm and key.
Private key encryption (symmetric) makes use of a single private key that is used for both encrypting and decrypting. The key must be shared by both the sender and the receiver.
With public key encryption (asymmetric), each individual gets a pair of related keys. One is a public key made known to everyone. The other corresponding key is kept private; it is known only to the owner of the key.
A digital signature helps to uniquely identify the sender. It also ensures that the data received has not been altered in any way since it was sent. To create a digital signature, the sender signs (encrypts) the message using the sender's own private key. The recipient then decrypts using the signer's public key.
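The asymmetric-key and digital-signature passages above, carried through as an added example (not code from the original notes) using textbook RSA from the standard library: the sender hashes the message and "encrypts" the hash with the private key, the recipient "decrypts" with the public key and compares. The two primes per key are constructed and far too small for real use, and the scheme omits the padding (PKCS#1 v1.5 or PSS) that real signatures require; it is here to show why an altered message or a different signer fails verification.

```python
"""Hash-then-sign with textbook RSA, to show how a digital signature identifies the
sender and detects tampering.

Added example, not from the original study notes. The primes are constructed and
tiny; real systems use 2048-bit or larger keys plus a padding scheme, omitted here.
"""
import hashlib
from math import gcd


def make_keypair(p: int, q: int, e: int = 65537):
    """Return (public, private) as ((e, n), (d, n)). p and q must be prime."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)        # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def digest_int(message: bytes, n: int) -> int:
    """Hash the message and reduce the digest into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """Sender: 'encrypt' the hash with the private key."""
    d, n = private_key
    return pow(digest_int(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Recipient: 'decrypt' the signature with the public key and compare hashes."""
    e, n = public_key
    return pow(signature, e, n) == digest_int(message, n)


# Constructed primes (all below 2**20); the pairs are distinct so the two
# keys share no factor.
SENDER_PUBLIC, SENDER_PRIVATE = make_keypair(1000003, 1000033)
OTHER_PUBLIC, OTHER_PRIVATE = make_keypair(999983, 999979)

if __name__ == "__main__":
    msg = b"Transfer 100 units to account 42"
    sig = sign(msg, SENDER_PRIVATE)
    print("intact message, right signer :", verify(msg, sig, SENDER_PUBLIC))
    print("altered message              :",
          verify(b"Transfer 900 units to account 42", sig, SENDER_PUBLIC))
    print("same message, different signer:",
          verify(msg, sign(msg, OTHER_PRIVATE), SENDER_PUBLIC))
```

Only the public key is needed to check a signature, which is what lets anyone verify the sender's identity without being able to forge a signature themselves; that asymmetry is the whole difference from the shared-secret (symmetric) case.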
Man-in-the-middle: intercepting messages and then impersonating one of the communicating parties.
Remote authentication involves logging on from an external network. The telnet protocol is used on the Internet to provide remote logon. When logging on, passwords are passed over the network as plaintext and are vulnerable to interception.
The Secure Sockets Layer (SSL) protocol is a low-level authentication and encryption method used to secure transactions in higher-level protocols, such as HTTP and FTP. Using SSL, clients and servers establish a secure link across the network to protect the information being sent and received.
The SSL protocol uses an initial client/server handshake process to decide on the type of security to be used during the conversation. Once determined, all subsequent communications are encrypted.
SSL can employ the use of digital envelopes or verification certificates. The certificate information must be registered with a Certificate Authority (CA).
Clients requesting documents stored in SSL-enabled directories must use the https:// URL format instead of the standard http://
Digital envelopes use public key encryption.
A Certificate is an authentication tool that uses a secure protocol to establish a secure connection. The certificate will include information about who made it, who it belongs to, its unique serial number, its expiration date and the encryption key itself.
Certificates are provided by a Certificate Authority (CA); the signature of the CA can be verified using the CA's public key. A certificate can be obtained from VeriSign or Cardservice.
You can also act as your own CA by using a Certificate server. These are servers that are specifically intended to issue, check and revoke certificates.
Secure Multipurpose Internet Mail Extensions (S/MIME) was designed to provide secure electronic messaging. S/MIME uses digital envelope technology together with digital signatures. It also uses the X.509 format for digital certificates.
An Auditor determines the security level of a network. An auditor works like a hacker attempting to discover, penetrate and control the network system. Once weaknesses are discovered, auditors perform an analysis to determine what steps need to be taken to improve the network's security defense.
Secure Electronic Transactions (SET)
SET is a system that secures financial transactions over the Internet through the use of certificates between the purchaser and the merchant. It is mostly used by credit card companies.
The SET protocols are designed to use private- and public-key cryptography techniques to secure data being transmitted. The merchant never sees the credit card number. All credit card information is sent encrypted to the merchant's bank only.
The data being moved through the SET system is authenticated using digital signature techniques, with a combination of algorithms such as MD5 and RSA.
SET software can be installed and configured on your system. One SET program is Merchant SET POS.
Intrusion detection
Log file analysis is the science of detecting problems in a system after they have occurred, with the goal of preventing recurrence of those problems.
A Log File is a record of activity. Log file types include:
- Operating system log files
  Can track logon/logoff, file and directory access, file modification and deletion attempts.
- Internet server logs
  IIS supports some level of logging, including:
  - date of logged activity
  - time of logged activity
  - client IP address
  - user name
  - server port
  - method of action
  - bytes sent
  - bytes received
  - time taken
  - user agent
  - referrer
- Other device logs
  Logging options for gateways, firewalls, proxies and other server and security devices.
- Third party logs
  Typically, third-party logging utilities are able to track more information than the device's internal log.
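Log file analysis over the Internet server log fields listed above, as an added example (not code from the original notes): the block parses W3C extended log lines of the kind IIS writes (the `#Fields:` header names the columns, so the parser is not tied to one column order) and then flags two patterns a defender looks for, a burst of requests from one client address within a minute, and a run of 401 responses followed by a 200 from the same address. The log lines, the addresses and the thresholds are all constructed; the `sc-status` column is a real IIS field that the notes' list does not mention.

```python
"""Parse W3C extended log lines (the format IIS writes) and flag suspicious activity.

Added example, not from the original study notes. The log lines and thresholds
are constructed; the field set is one IIS can be configured to log.
"""
from collections import Counter

# Constructed sample: normal browsing, a guessing run against /admin/ that finally
# succeeds, and a 30-request burst from a single address within one minute.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-username s-port cs-method cs-uri-stem sc-status sc-bytes cs-bytes time-taken cs(User-Agent) cs(Referer)
2001-03-14 10:00:01 198.51.100.20 - 80 GET /index.htm 200 3402 310 15 Mozilla/4.0 -
2001-03-14 10:00:05 198.51.100.20 - 80 GET /about.htm 200 2210 298 12 Mozilla/4.0 /index.htm
2001-03-14 10:01:00 203.0.113.9 - 80 GET /admin/ 401 512 280 8 Mozilla/4.0 -
2001-03-14 10:01:02 203.0.113.9 - 80 GET /admin/ 401 512 300 9 Mozilla/4.0 -
2001-03-14 10:01:03 203.0.113.9 - 80 GET /admin/ 401 512 300 9 Mozilla/4.0 -
2001-03-14 10:01:05 203.0.113.9 - 80 GET /admin/ 401 512 300 9 Mozilla/4.0 -
2001-03-14 10:01:06 203.0.113.9 admin 80 GET /admin/ 200 4010 300 20 Mozilla/4.0 -
""" + "".join(
    f"2001-03-14 10:02:{s:02d} 192.0.2.77 - 80 GET /index.htm 200 3402 120 3 - -\n"
    for s in range(0, 60, 2)
)


def parse_log(text: str) -> list:
    """Turn W3C log text into a list of dicts keyed by the names in '#Fields:'."""
    fields, records = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.startswith("#") or not line.strip():
            continue
        else:
            values = line.split()
            if len(values) != len(fields):
                continue        # truncated or unexpected line: skip, don't misparse
            records.append(dict(zip(fields, values)))
    return records


def detect(records: list, max_per_minute: int = 20, max_failures: int = 3) -> list:
    """Return (kind, client-ip, count) findings for floods and auth-failure runs."""
    per_minute = Counter()
    failures = Counter()
    success_after_failures = set()
    for r in records:
        ip = r["c-ip"]
        minute = f'{r["date"]} {r["time"][:5]}'
        per_minute[(ip, minute)] += 1
        if r["sc-status"] == "401":
            failures[ip] += 1
        elif r["sc-status"] == "200" and failures[ip] >= max_failures:
            success_after_failures.add(ip)     # logon succeeded after repeated denials
    findings = []
    for (ip, minute), n in sorted(per_minute.items()):
        if n > max_per_minute:
            findings.append(("request-flood", ip, n))
    for ip, n in sorted(failures.items()):
        if n >= max_failures:
            kind = "guess-then-success" if ip in success_after_failures else "repeated-auth-failure"
            findings.append((kind, ip, n))
    return findings


def analyze(text: str = SAMPLE_LOG) -> list:
    return detect(parse_log(text))


if __name__ == "__main__":
    for kind, ip, count in analyze():
        print(f"{kind:22} {ip:15} {count}")
```

Reading the column names from the header rather than hard-coding positions is what keeps the parser working when an administrator turns extra fields on or off in the server's logging options.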
Flooding
- Denial of Service (DoS)
  DoS attacks are designed to knock your server off the network.
- Ping attacks
  - Ping of death
    With Ping of death, very large packets are sent to the destination host. Sent large enough and fast enough, they may be able to lock down the server.
  - Ping flood
    With Ping flood, an endless stream of ICMP packets is sent to the destination host, tying up communications and possibly overloading the server.
- SYN floods
  SYN flood attacks work by sending a TCP connection request to the target computer. The source IP address is replaced with a false (spoofed) one, typically one that does not exist on the Internet. The target computer tries to connect to the source address. Since there is no response, the target computer will attempt to resend the response.
  These attacks become a problem when the attacker sends a flood of SYN requests, tying up target computer resources.
  An intruder can write a program that will establish connections with your server and leave TCP ports half-open. That will block access to your server.
- Mail attacks
  - Spam
    Unsolicited e-mail, typically advertisements and announcements. One way of blocking spam is by denying the message at your mail server. You can block messages based on e-mail address or domain address.
  - Mail floods
    If enough mail comes flooding into your mail server, it can tie up all of your mail resources and fill up available disk space. Mail floods can be generated through automated utilities.
  - Mail bombs
    Typically fall more into the category of viruses and Trojan horses. A virus or executable file is attached to the message.
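The SYN flood entry above, modelled as an added example (not code from the original notes): a listener keeps a table of half-open connections, each waiting for the final ACK until a timeout, and refuses new SYNs once that table is full. The simulation shows that a flood of SYNs that never complete the handshake leaves no room for a legitimate client, that a per-source cap restores service when the flood comes from one address, and that the cap does not help when the spoofed sources are spread out, which is why real stacks fall back on SYN cookies for that case. Backlog size, timeout and addresses are constructed, and the model is a simplification of a real TCP stack.

```python
"""Model of a listener's half-open (SYN_RECEIVED) table under a SYN flood, with a
per-source cap as one mitigation.

Added example, not from the original study notes. Backlog size, timeouts and
addresses are constructed; the model is a simplification of a real TCP stack.
"""
from typing import Optional


class Listener:
    def __init__(self, backlog: int, syn_timeout: float,
                 max_per_source: Optional[int] = None):
        self.backlog = backlog              # max half-open connections kept
        self.syn_timeout = syn_timeout      # seconds to wait for the final ACK
        self.max_per_source = max_per_source
        self.half_open = {}                 # (src_ip, src_port) -> time SYN arrived
        self.rejected = 0
        self.established = 0

    def _expire(self, now: float) -> None:
        """Drop entries whose SYN-ACK retransmissions went unanswered for too long."""
        for key, t in list(self.half_open.items()):
            if now - t > self.syn_timeout:
                del self.half_open[key]

    def on_syn(self, src_ip: str, src_port: int, now: float) -> bool:
        """Accept a SYN into the half-open table, or refuse it if full / capped."""
        self._expire(now)
        if self.max_per_source is not None:
            from_src = sum(1 for (ip, _) in self.half_open if ip == src_ip)
            if from_src >= self.max_per_source:
                self.rejected += 1
                return False
        if len(self.half_open) >= self.backlog:
            self.rejected += 1
            return False
        self.half_open[(src_ip, src_port)] = now
        return True

    def on_ack(self, src_ip: str, src_port: int, now: float) -> bool:
        """Final ACK of the handshake: promote the entry to an established connection."""
        if self.half_open.pop((src_ip, src_port), None) is None:
            return False
        self.established += 1
        return True


def simulate(distinct_sources: int, max_per_source: Optional[int] = None) -> bool:
    """Return True if a legitimate client can still connect after 1000 SYNs, spread
    over `distinct_sources` constructed addresses, that never complete the handshake."""
    listener = Listener(backlog=128, syn_timeout=30.0, max_per_source=max_per_source)
    for i in range(1000):
        src = f"203.0.113.{i % distinct_sources + 1}"   # distinct_sources <= 254
        listener.on_syn(src, 10000 + i, now=i * 0.01)   # no ACK ever follows
    # A real client tries during the flood and, if accepted, completes the handshake.
    ok = listener.on_syn("198.51.100.5", 40001, now=11.0)
    return ok and listener.on_ack("198.51.100.5", 40001, now=11.1)


if __name__ == "__main__":
    print("flood from 1 source, no cap      :", simulate(1))
    print("flood from 1 source, cap 16      :", simulate(1, max_per_source=16))
    print("flood from 200 sources, cap 16   :", simulate(200, max_per_source=16))
```

The half-open table is the scarce resource: entries are cheap for the sender and expensive for the receiver, and every entry the flood holds is one a real client cannot get until the timeout releases it.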
Virtual Private Networks (VPN)
A VPN consists of a limited number of computers owned by a single enterprise that share information specifically with each other. A VPN uses the Internet as the transport backbone to make links between business partners, main and regional offices, vendors and suppliers. It is called virtual because it depends on the use of virtual, or temporary, connections that have no real physical presence, but consist of packets routed over various machines in the Internet on an ad-hoc basis.
A VPN can be defined in one of three primary categories:
- Intranet
  Communications between internal corporate departments and branch offices.
- Remote Access
  Communications between a corporate network and remote or mobile employees.
- Extranet
  Communications between a corporation and its suppliers, customers and strategic partners.
VPNs often use protocols like PPTP, L2TP and L2F. PPTP (Point-to-Point Tunneling Protocol) allows private networks to connect to one another via the public network (the Internet); using encryption, PPTP lets companies connect LANs together over the Internet, an arrangement also known as a Virtual Private Network (VPN). These protocols are designed to authenticate Point-to-Point Protocol (PPP) based access by individual users. The industry standard for Internet-based VPNs is IPsec.
Access control includes:
- firewall
  A firewall is a piece of equipment that is used to protect an Internet connection from unauthorized intrusion. It is configured to allow most outgoing traffic through but prevent unauthorized incoming traffic from accessing the network.
- authentication
  Authentication is comparable to logging on to a system with a username and password and ensures both VPN entities that they are exchanging data with the correct host or user. VPN authentication systems use a shared key system. The keys are activated at the beginning of the session to validate the user's access and then at random during the course of a session to ensure that an impostor did not surreptitiously gain access.
- encryption
  Authentication can also be used to ensure data integrity.
  IPsec is a recent standard for encrypting data packets. Using IPsec, data is encrypted at the network layer.
- tunneling
  Many VPN packages use tunneling to create a private network and secure client connections over the Internet. These include AltaVista Tunnel, PPTP, L2F and IPsec's tunnel mode. IP tunneling offers an easy and cost-effective way to provide secure point-to-point tunnels through the Internet.
Server protection
Hackers and crackers are people who possess the ability to infiltrate a system with the purpose of either examining or corrupting the system.
Trojan horses take their name from the story of the Trojan horse. They are seemingly safe files that can carry a promise of doing something interesting or useful. They often come disguised as something tempting, such as a game, to make you more likely to execute them.
Trojan horses are the main way that viruses gain access to computers. They are usually encountered through e-mail that contains an attached executable file. Trojan horses will perform an unwanted function without the user's knowledge or consent.
UUCP is a collection of programs that provide rudimentary networking. UUCP allowed the birth of the worldwide network of computers called Usenet, a multihost electronic bulletin board. Uses SMTP.
Most anti-virus programs are actually two applications in one. They have a scanner that checks system memory, boot records, partitions, directories and files for known virus signatures. They also have a cleaner component, which is responsible for removing the infection.
Usually a part of the installation process is to run a full scan of your system. Do not skip this step!
It is important to keep your anti-virus program up-to-date. Anti-virus programs should be installed on all computers in a network.
Anti-virus software can sometimes interfere with software installations. If you receive a warning during setup, you may need to temporarily turn off virus checking.
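The two halves of an anti-virus program described above, as an added example (not code from the original notes): a scanner that walks a directory tree looking for known signatures, reading files in overlapping chunks so a pattern split across a read boundary is still found, and a cleaner that moves infected files into quarantine rather than deleting them, so a false positive can be restored. The signatures are constructed byte patterns, not real virus signatures, and a real product does far more than substring matching (heuristics, emulation, and the daily signature updates the notes insist on).

```python
"""Signature scanner plus cleaner, the two components of a classic anti-virus program.

Added example, not from the original study notes. The signatures are constructed
byte patterns, not real ones; real scanners use far more than a substring match.
"""
import os
import shutil
import tempfile
from pathlib import Path

# Constructed signatures: name -> byte pattern. Real signature sets are updated daily.
SIGNATURES = {
    "Example.Test.A": b"EXAMPLE-SIGNATURE-A-7f3a",
    "Example.Test.B": b"\x90\x90\x90EXAMPLE-B",
}


def scan_file(path: Path, signatures=SIGNATURES, chunk: int = 1 << 20) -> list:
    """Return the names of signatures found in the file. Reads in chunks and keeps
    the tail of the previous chunk so a pattern straddling a boundary is seen."""
    longest = max(len(s) for s in signatures.values())
    hits, tail = set(), b""
    with open(path, "rb") as f:
        while True:
            data = f.read(chunk)
            if not data:
                break
            window = tail + data
            for name, pattern in signatures.items():
                if pattern in window:
                    hits.add(name)
            tail = window[-(longest - 1):] if longest > 1 else b""
    return sorted(hits)


def scan_tree(root: Path) -> dict:
    """Scanner: walk directories and report infected files (relative path -> names)."""
    report = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            hits = scan_file(path)
            if hits:
                report[str(path.relative_to(root))] = hits
    return report


def clean(root: Path, report: dict, quarantine: Path) -> int:
    """Cleaner: move infected files to quarantine instead of deleting them outright."""
    quarantine.mkdir(parents=True, exist_ok=True)
    for rel in report:
        shutil.move(str(root / rel), str(quarantine / rel.replace(os.sep, "_")))
    return len(report)


def demo() -> tuple:
    """Build a constructed directory tree, scan it, clean it and rescan it."""
    root = Path(tempfile.mkdtemp())
    quarantine = Path(tempfile.mkdtemp()) / "quarantine"   # outside the scanned tree
    (root / "docs").mkdir()
    (root / "docs" / "notes.txt").write_bytes(b"harmless study notes\n")
    (root / "game.exe").write_bytes(
        b"MZ" + b"\x00" * 100 + SIGNATURES["Example.Test.A"] + b"\x00" * 50)
    (root / "docs" / "attach.scr").write_bytes(b"x" * 10 + SIGNATURES["Example.Test.B"])
    before = scan_tree(root)
    removed = clean(root, before, quarantine)
    after = scan_tree(root)
    return before, removed, after


def boundary_check(chunk: int = 8) -> bool:
    """Confirm a pattern straddling a chunk boundary is still detected."""
    path = Path(tempfile.mkdtemp()) / "split.bin"
    path.write_bytes(b"\x00" * (chunk - 3) + SIGNATURES["Example.Test.A"] + b"\x00" * 5)
    return scan_file(path, chunk=chunk) == ["Example.Test.A"]


if __name__ == "__main__":
    before, removed, after = demo()
    print("infected before cleaning:", before)
    print("files quarantined       :", removed)
    print("infected after cleaning :", after)
    print("boundary handling ok    :", boundary_check())
```

Quarantining instead of deleting is the practical choice because a signature match is evidence, not proof; keeping the file lets the administrator confirm the detection before anything is lost.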
