ANS_Ch_04_Handouts.pdf
1. School of Computing & Informatics
M. Sc in Computer Science & Networking
Chapter-04
By Dr. Ananda Kumar K S M.Tech, Ph.D
Associate Professor, School of Comp & Info
Email: anandgdk@du.edu.et
COET, Dilla University 1
Course Number: CN6122
Course Title: Advanced Network Security
3. A firewall is, in essence, a barrier between your network and the outside world.
At a minimum, it will filter incoming packets based on certain parameters such as packet size, source IP address, protocol, and destination port.
Linux and Windows (beginning with Windows XP and in all subsequent Windows versions) ship with a simple firewall.
For Windows, the firewall in Windows 7 was expanded to handle filtering both inbound and outbound traffic.
4. In an organizational setting, you need a dedicated firewall between your network and the outside world.
This might be a router that also has built-in firewall capabilities. (Cisco Systems is one company that is well known for high-quality routers and firewalls.) Or, it might be a server that is dedicated solely to running firewall software.
A firewall protects your computer by examining each information packet that travels over the network. Clues to a packet's purpose can be read from its destination address. Firewalls contain a list of allowed and disallowed destinations and functions.
5. [Figure] A firewall filters packets flowing between a site and the rest of the Internet.
6. [BELL94b] lists the following design goals for a firewall:
All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by physically blocking all access to the local network except via the firewall.
Only authorized traffic, as defined by the local security policy, will be allowed to pass. Various types of firewalls are used, which implement various types of security policies.
The firewall itself is immune to penetration. This implies the use of a hardened system with a secured operating system. Trusted computer systems are suitable for hosting a firewall and often required in government applications.
7. Firewalls can be set up to offer security services to many TCP/IP layers. The many types of firewalls are classified based on the network layer they offer services in and the types of services offered. They include:
◦ Packet Inspection Firewalls - routers that inspect the source or destination addresses and ports of incoming or outgoing TCP, UDP and ICMP (Internet Control Message Protocol) packets being sent between networks and accept or reject each packet based on the specific packet policies set in the organization's security policy.
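The packet inspection firewall described above can be expressed as a first-match rule list with a default-deny fallback. The following Python program is an added example, not part of the handout; the policy, the 10.0.0.0/8 internal network and the 203.0.113.0/24 "outside" addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """Constructed packet header fields that a packet filter inspects."""
    proto: str            # "TCP", "UDP" or "ICMP"
    src: str              # source IP address
    dst: str              # destination IP address
    dport: Optional[int]  # destination port; None for ICMP, which has no ports


@dataclass(frozen=True)
class Rule:
    """One line of the packet policy; None fields match anything."""
    action: str                   # "ACCEPT" or "REJECT"
    proto: Optional[str] = None
    src: str = "0.0.0.0/0"        # CIDR prefix for the source address
    dst: str = "0.0.0.0/0"        # CIDR prefix for the destination address
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


# Constructed policy for a site whose internal network is 10.0.0.0/8
# (hypothetical addresses; 203.0.113.0/24 plays the outside world).
POLICY: List[Rule] = [
    Rule("ACCEPT", proto="ICMP", src="10.0.0.0/8"),              # inside hosts may send ICMP out
    Rule("REJECT", proto="ICMP"),                                # all other ICMP is dropped
    Rule("ACCEPT", proto="TCP", src="10.0.0.0/8"),               # inside hosts may open TCP connections
    Rule("ACCEPT", proto="TCP", dst="10.0.0.10/32", dport=443),  # public web server, HTTPS
    Rule("ACCEPT", proto="TCP", dst="10.0.0.10/32", dport=80),   # public web server, HTTP
    Rule("ACCEPT", proto="UDP", dst="10.0.0.53/32", dport=53),   # DNS resolver
]


def filter_packet(pkt: Packet, policy: List[Rule] = POLICY) -> str:
    """First matching rule decides; a packet matching no rule is rejected (default deny)."""
    for rule in policy:
        if rule.matches(pkt):
            return rule.action
    return "REJECT"


if __name__ == "__main__":
    samples = [
        Packet("TCP", "203.0.113.5", "10.0.0.10", 443),
        Packet("TCP", "203.0.113.5", "10.0.0.10", 22),
        Packet("UDP", "203.0.113.5", "10.0.0.53", 53),
        Packet("ICMP", "203.0.113.5", "10.0.0.10", None),
        Packet("ICMP", "10.0.0.7", "203.0.113.5", None),
    ]
    for pkt in samples:
        print(f"{pkt.proto:4} {pkt.src:>13} -> {pkt.dst}:{pkt.dport}  {filter_packet(pkt)}")
```

Rule order matters: the ICMP reject on line two would shadow the inside-out ICMP accept if the two were swapped, which is why real rule sets are reviewed top to bottom and end in an explicit default deny.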
8. Application Proxy Server:
◦ Filtering Based on Known Services - a machine server that sits between a client application and the server offering the services the client application may want.
◦ It behaves as a server to the client and as a client to the server, hence a proxy, providing a higher level of filtering than the packet filter server by examining individual application packet data streams.
9. Virtual Private Network (VPN) Firewalls
A VPN is a cryptographic system, including Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), and IPSec, that carries Point-to-Point Protocol (PPP) frames across an Internet with multiple data links with added security.
The advantages of a VPN over non-VPN connections like standard Internet connections are:
VPN technology encrypts its connections.
Connections are limited to only machines with specified IP addresses.
10. ◦ Small Office or Home (SOHO) Firewalls
A SOHO firewall is a relatively small firewall connecting a few personal computers via a hub, switch, a bridge, even a router on one side and connecting to a broadband modem like DSL or cable on the other.
◦ NAT Firewalls (Network Address Translation)
In a functioning network, every host is assigned an IP address.
In a fixed network where these addresses are static, it is easy for a hacker to get hold of a host and use it to stage attacks on other hosts within and outside the network.
To prevent this from happening, a NAT filter can be used. It hides all inside host TCP/IP information.
A NAT firewall actually functions as a proxy server by hiding the identities of all internal hosts and making requests on behalf of all internal hosts on the network.
This means that to an outside host, all the internal hosts have one public IP address, that of the NAT.
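The NAT firewall behaviour on this slide, where every internal host appears behind one public address and replies are only forwarded to hosts that opened the flow, is illustrated by the following Python class. It is an added example, not from the handout; the public address 198.51.100.1, the internal 10.0.0.x hosts and the remote server 203.0.113.10 are constructed values.

```python
import itertools
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, port)


class NatFirewall:
    """Port-based NAT: many internal hosts share one public address.

    Outbound flows get a fresh public port and a table entry; inbound packets
    are forwarded only when they match an entry, so unsolicited traffic from
    outside never reaches an internal host.
    """

    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        # (internal endpoint, remote endpoint) -> public port
        self._out: Dict[Tuple[Endpoint, Endpoint], int] = {}
        # (public port, remote endpoint) -> internal endpoint
        self._in: Dict[Tuple[int, Endpoint], Endpoint] = {}

    def translate_outbound(self, internal: Endpoint, remote: Endpoint) -> Tuple[Endpoint, Endpoint]:
        """Rewrite the source of an outgoing packet; returns (new source, destination)."""
        key = (internal, remote)
        if key not in self._out:
            port = next(self._ports)
            self._out[key] = port
            self._in[(port, remote)] = internal
        return (self.public_ip, self._out[key]), remote

    def translate_inbound(self, remote: Endpoint, public_port: int) -> Optional[Endpoint]:
        """Map a reply back to the internal host, or None (drop) if no host opened that flow."""
        return self._in.get((public_port, remote))


if __name__ == "__main__":
    nat = NatFirewall("198.51.100.1")   # constructed public address of the NAT
    web = ("203.0.113.10", 443)         # constructed outside web server
    print(nat.translate_outbound(("10.0.0.5", 51000), web))   # first host, public port 40000
    print(nat.translate_outbound(("10.0.0.6", 51000), web))   # second host, public port 40001
    print(nat.translate_inbound(web, 40001))                  # reply goes back to 10.0.0.6
    print(nat.translate_inbound(("203.0.113.99", 443), 40000))  # unsolicited: None, dropped
```

The outside server only ever sees 198.51.100.1 with differing ports; the translation table is the only place where the internal addresses exist, which is the "hiding" this slide refers to.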
11. In the context of network security, access control is the ability to limit and control the access to host systems and applications via communications links.
To achieve this, each entity trying to gain access must first be identified, or authenticated, so that access rights can be tailored to the individual.
Access Control Methods:
An interesting problem with security is that not only must information be protected from outsiders, it must sometimes be protected from insiders as well.
12. The term Access Control actually refers to the control over access to system resources after a user's account credentials and identity have been authenticated and access to the system granted.
Various methods that control access to network environments are described in the following sections.
Discretionary access control (DAC)
Role-based access control (RBAC)
Mandatory access control (MAC)
Attribute Based Access Control (ABAC)
13. Mandatory Access Control (MAC) is the strictest of all levels of control.
The design of MAC was defined, and is primarily used, by the government.
MAC takes a hierarchical approach to controlling access to resources. Under a MAC enforced environment, access to all resource objects (such as data files) is controlled by settings defined by the system administrator.
As such, all access to resource objects is strictly controlled by the operating system based on system administrator configured settings.
It is not possible under MAC enforcement for users to change the access control of a resource.
14. Unlike Mandatory Access Control (MAC), where access to system resources is controlled by the operating system (under the control of a system administrator), Discretionary Access Control (DAC) allows each user to control access to their own data.
DAC is typically the default access control mechanism for most desktop operating systems.
Instead of a security label as in the case of MAC, each resource object on a DAC based system has an Access Control List (ACL) associated with it.
An ACL contains a list of users and groups to which the user has permitted access together with the level of access for each user or group.
15. Role Based Access Control (RBAC), also known as Non-discretionary Access Control, takes more of a real world approach to structuring access control.
Access under RBAC is based on a user's job function within the organization to which the computer system belongs.
Essentially, RBAC assigns permissions to particular roles in an organization. Users are then assigned to that particular role.
For example, an accountant in a company will be assigned to the Accountant role, gaining access to all the resources permitted for all accountants on the system.
Similarly, a software engineer might be assigned to the developer role.
16. Roles differ from groups in that while users may belong to multiple groups, a user under RBAC may only be assigned a single role in an organization.
Additionally, there is no way to provide individual users additional permissions over and above those available for their role.
The accountant described above gets the same permissions as all other accountants, nothing more and nothing less.
17. In recent years, ABAC has become increasingly significant due to the growing popularity of large distributed systems.
One of the main drawbacks of RBAC is the difficulty of assigning privileges to an individual.
ABAC provides an effective solution since user attributes are the criteria used to determine user authorization.
This access policy improves upon RBAC in the following areas: delegation of attribute authority, decentralization of attributes, and interference of attributes.
To protect the sensitivity of credentials, ABAC contains several policies for maintaining user confidentiality and data integrity.
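The four models on slides 13 to 17 differ in who decides and what the decision is based on. The following Python program is an added example, not from the handout, that puts a minimal version of each side by side: MAC with administrator-fixed labels, DAC with an owner-edited ACL, RBAC with exactly one role per user and no per-user grants, and ABAC evaluating subject, object and environment attributes. The users (alice, bob, carol), departments, levels and the office-hours policy are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, Set

# ---- MAC: hierarchical labels fixed by the administrator; users cannot alter them ----
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}  # constructed hierarchy


def mac_allows(subject_clearance: str, object_label: str) -> bool:
    """Read access requires the subject's clearance to dominate the object's label."""
    return LEVELS[subject_clearance] >= LEVELS[object_label]


# ---- DAC: every object carries an ACL, and only its owner may edit it ----
@dataclass
class DacObject:
    owner: str
    acl: Dict[str, Set[str]] = field(default_factory=dict)  # principal -> permissions

    def grant(self, actor: str, principal: str, perms: Set[str]) -> None:
        if actor != self.owner:
            raise PermissionError(f"{actor} does not own this object")
        self.acl.setdefault(principal, set()).update(perms)

    def allows(self, principal: str, perm: str) -> bool:
        return perm in self.acl.get(principal, set())


# ---- RBAC: permissions hang off roles; each user holds exactly one role ----
ROLE_PERMS: Dict[str, Set[str]] = {
    "accountant": {"ledger:read", "ledger:write"},
    "developer": {"repo:read", "repo:write"},
}
USER_ROLE: Dict[str, str] = {"alice": "accountant", "bob": "developer"}  # constructed users


def rbac_allows(user: str, perm: str) -> bool:
    # There is no per-user grant table: a user gets exactly the role's permissions.
    return perm in ROLE_PERMS.get(USER_ROLE.get(user, ""), set())


# ---- ABAC: decision computed from attributes of subject, object and environment ----
def abac_allows(subject: dict, obj: dict, env: dict, action: str) -> bool:
    """Constructed policy: same department, sufficient clearance, writes only in office hours."""
    same_dept = subject["department"] == obj["department"]
    cleared = mac_allows(subject["clearance"], obj["classification"])
    if not (same_dept and cleared):
        return False
    if action == "write":
        return 8 <= env["hour"] < 18
    return action == "read"


if __name__ == "__main__":
    doc = DacObject(owner="alice")
    doc.grant("alice", "bob", {"read"})        # the owner decides, at her discretion
    print("DAC  bob read:", doc.allows("bob", "read"), " bob write:", doc.allows("bob", "write"))
    print("RBAC alice ledger:write:", rbac_allows("alice", "ledger:write"),
          " alice repo:read:", rbac_allows("alice", "repo:read"))
    fin = {"department": "finance", "clearance": "confidential"}
    rep = {"department": "finance", "classification": "confidential"}
    print("ABAC write at 10h:", abac_allows(fin, rep, {"hour": 10}, "write"),
          " write at 22h:", abac_allows(fin, rep, {"hour": 22}, "write"))
```

The ABAC policy reuses the MAC dominance check as one of its attribute comparisons, which shows why the slide presents ABAC as the more general model: a label comparison, a role membership or a time-of-day constraint are all just attributes to it.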
19. In general, there is a flow of data from a source (e.g., host, file, memory) to a destination (e.g., remote host, other file, user) over a communication channel (e.g., wire, data bus).
The task of the security system is to restrict access to this information to only those parties (persons or processes) that are authorized to have access according to the security policy in use.
In the case of an automation system that is remotely connected to the Internet, the information flow is from/to a control application that manages sensors and actuators via communication lines of the public Internet and the network of the automation system (e.g., a field-bus).
22. 1. Interruption:
An asset of the system gets destroyed or becomes unavailable.
This attack targets the source or the communication channel and prevents information from reaching its intended target (e.g., cut the wire, overload the link so that the information gets dropped because of congestion).
Attacks in this category attempt to perform a kind of denial of service (DoS).
2. Interception: An unauthorized party gains access to the information by eavesdropping (secretly listening to a conversation) on the communication channel (e.g., wiretapping).
23. 3. Modification:
The information is not only intercepted, but modified by an unauthorized party while in transit from the source to the destination.
By tampering with the information, it is actively altered (e.g., modifying message content). (Attack on Integrity)
4. Fabrication:
In this type of attack a fake message is inserted into the network by an unauthorized user as if it came from a valid user.
This results in the loss of confidentiality, authenticity and integrity of the message. (Attack on Authenticity)
24. Different security mechanisms can be used to enforce the security properties defined in a given security policy.
Depending on the anticipated attacks, different means have to be applied to satisfy the desired properties.
These measures against attacks can be divided into three different classes: attack prevention, attack avoidance, and attack detection.
25. Attack Prevention
Attack Avoidance
◦ Secret Key Cryptography (Symmetric Encryption)
◦ Public Key Cryptography (Asymmetric Encryption)
◦ Authentication
◦ Digital Signatures
Attack and Intrusion Detection
26. Attack prevention is a class of security mechanisms that contains ways of preventing or defending against certain attacks before they can actually reach and affect the target.
An important element in this category is access control, a mechanism that can be applied at different levels such as the operating system, the network, or the application layer.
27. The most common form of access control used in multi-user computer systems is access control lists for resources, based on the user identity of the process that attempts to use them.
When an attacker compromises a server machine behind a single firewall, all other machines can be attacked from this new base without restrictions.
To prevent this, one can use two firewalls and the concept of a demilitarized zone (DMZ).
29. Security mechanisms in this category assume that an intruder may access the desired resource, but the information is modified in a way that makes it unusable for the attacker.
The information is preprocessed at the sender before it is transmitted over the communication channel and post-processed at the receiver.
While the information is transported over the communication channel, it resists attacks by being nearly useless for an intruder.
30. The most important member in this category is cryptography, which is defined as the science of keeping messages secure.
It allows the sender to transform information into a random data stream from the point of view of an attacker but to have it recovered by an authorized receiver.
The transformation rules are described by a cryptographic algorithm.
31. The function of this algorithm is based on two main principles: substitution and transposition.
In the case of substitution, each element of the plain text (e.g., bit, block) is mapped into another element of the used alphabet.
Transposition describes the process where elements of the plain text are rearranged.
Most systems involve multiple steps (called rounds) of transposition and substitution to be more resistant against cryptanalysis.
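To make the two principles and the idea of rounds concrete, here is an added Python example (not from the handout) of a toy substitution-permutation cipher on 16-bit blocks: each round mixes in a round key, substitutes every 4-bit nibble through a table, and transposes the 16 bit positions. The S-box, permutation and round keys are constructed values for illustration; this is a teaching cipher, not one that should protect real data.

```python
# Constructed 4-bit S-box (the substitution table) and 16-bit permutation
# (the transposition); hypothetical values chosen for illustration only.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8, 0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
INV_SBOX = [SBOX.index(v) for v in range(16)]
# PERM[i] is the output position of input bit i (bits numbered 0..15 from the MSB).
PERM = [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15]
INV_PERM = [PERM.index(p) for p in range(16)]


def substitute(block: int, box: list) -> int:
    """Substitution: replace each 4-bit nibble of the block via the table."""
    out = 0
    for nibble in range(4):
        shift = 4 * nibble
        out |= box[(block >> shift) & 0xF] << shift
    return out


def transpose(block: int, perm: list) -> int:
    """Transposition: move every bit of the block to a new position."""
    out = 0
    for i in range(16):
        bit = (block >> (15 - i)) & 1
        out |= bit << (15 - perm[i])
    return out


def encrypt_block(block: int, round_keys: list) -> int:
    """Each round: mix in the round key, substitute, transpose."""
    state = block & 0xFFFF
    for key in round_keys:
        state ^= key
        state = substitute(state, SBOX)
        state = transpose(state, PERM)
    return state


def decrypt_block(block: int, round_keys: list) -> int:
    """Undo the rounds in reverse order with the inverse tables."""
    state = block & 0xFFFF
    for key in reversed(round_keys):
        state = transpose(state, INV_PERM)
        state = substitute(state, INV_SBOX)
        state ^= key
    return state


if __name__ == "__main__":
    keys = [0x3A94, 0xD2F8, 0x81A0, 0x4CE1]   # constructed round keys
    m = 0x1234
    c = encrypt_block(m, keys)
    print(f"plain {m:04x} -> cipher {c:04x} -> back {decrypt_block(c, keys):04x}")
    # Rounds spread a one-bit change in the input across the whole output block.
    flipped = encrypt_block(m ^ 1, keys)
    print("output bits changed by flipping one input bit:", bin(c ^ flipped).count("1"))
```

Substitution alone would leave each nibble independent of the others, and transposition alone is linear; only their repetition over several rounds spreads a one-bit change across the whole block, which is the resistance to cryptanalysis the slide refers to.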
32. Attack Detection Systems for secure computer systems are an approach to enhancing the security of a computer system.
In the past, they aimed only at providing a trail which could be useful in determining how a system was breached and who was responsible for this breach.
More recently, attack detection systems have become automated tools which analyse audit data captured from a system, detect attacks as they take place and take measures to prevent further damage to the target system.
33. Attack detection assumes that an attacker can obtain access to his desired targets and is successful in violating a given security policy.
Mechanisms in this class are based on the optimistic assumption that most of the time the information is transferred without interference.
When undesired actions occur, attack detection has the task of reporting that something went wrong and then reacting in an appropriate way.
34. In addition, it is often desirable to identify the exact type of attack. An important facet of attack detection is recovery.
Often, it is enough to just report that malicious activity has been found, but some systems require that the effect of the attack be reverted or that an ongoing and discovered attack be stopped.
Intrusion Detection is the process of identifying and responding to malicious activities targeted at computing and network resources.
35. An IDS basically monitors and collects data from a target system that should be protected, processes and correlates the gathered information, and initiates responses when evidence of an intrusion is detected.
IDS are traditionally classified as anomaly- or signature-based.
Signature-based systems act similarly to virus scanners and look for known, suspicious patterns in their input data.
Anomaly-based systems watch for deviations of actual from expected behavior and classify all "abnormal" activities as malicious.
38. Anomaly Based
◦ Monitors network traffic
◦ Keeps track of patterns of traffic and information to obtain a baseline
◦ If a deviation in network behavior is detected, the IDS will assume an attack
Signature Based
◦ An attack signature database is maintained
◦ Compare traffic to the database
◦ If a match is found, an alert is sent
◦ Requires constant updates
39. Eliminates the need to shut down a network when an attack occurs
Allows the user to observe the type of attack and the methods used by the attack to prevent future attacks
The security baseline defines the criteria such as used bandwidth, protocols, ports, and the types of devices that can be connected to each other.
40. Commercial use of the Web continues to grow at an astonishing pace, and securing Web transactions has become increasingly critical to businesses, organizations, and individual users.
Fortunately, an extremely effective and widely deployed communications protocol provides exactly that security. It is the Secure Sockets Layer protocol, more commonly known simply as SSL. The SSL protocol—along with its successor, the Transport Layer Security (TLS) protocol.
41. The idea of secure network protocols is to create an additional layer between the application and the transport/network layer to provide services for a secure end-to-end communication channel.
TCP/IP are almost always used as transport/network layer protocols on the Internet, and their task is to provide a reliable end-to-end connection between remote tasks on different machines that intend to communicate.
42. The services on that level are usually directly utilized by application protocols to exchange data, for example, Hypertext Transfer Protocol (HTTP) for web services.
Unfortunately, the network layer transmits these data unencrypted, leaving them vulnerable to eavesdropping or tampering attacks.
In addition, the authentication mechanisms of TCP/IP are only minimal, thereby allowing a malicious user to hijack connections and redirect traffic to his machine as well as to impersonate legitimate services.
43. These threats are mitigated by secure network protocols that provide privacy and data integrity between two communicating applications by creating an encrypted and authenticated channel.
Separate Security Protocol:
The designers of the Secure Sockets Layer decided to create a separate protocol just for security.
In effect, they added a layer to the Internet's protocol architecture.
45. SSL adds security by acting as a separate security protocol, inserting itself between the HTTP application and TCP.
By acting as a new protocol, SSL requires very few changes in the protocols above and below.
46. In addition to requiring minimal changes to existing implementations, this approach has another significant benefit: it allows SSL to support applications other than HTTP.
The main motivation behind the development of SSL was Web security, but, as figure 1-5 shows, SSL is also used to add security to other Internet applications, including those of the Net News Transfer Protocol (NNTP) and the File Transfer Protocol (FTP).
47. Although the designers of SSL chose a different strategy, it is also possible to add security services directly in an application protocol.
Indeed, standard HTTP does include some extremely rudimentary security features; however, those security features don't provide adequate protection for real electronic commerce.
At about the same time Netscape was designing SSL, another group of protocol designers was working on an enhancement to HTTP known as Secure HTTP.
49. The separate protocol approach of SSL can be taken one step further if security services are added directly to a core networking protocol.
That is exactly the approach of the IP security (IPsec) architecture; full security services become an optional part of the Internet Protocol itself.
In most cases, the application does not need to change at all to take advantage of IPsec.
50. Figure 1-7 illustrates the IPsec architecture.
The IPsec architecture has many of the same advantages as SSL. It is independent of the application protocol, so any application may use it.
51. TCP: provides a reliable end-to-end service.
TCP & SSL: provide a reliable & secure end-to-end service.
HTTPS: HTTP over SSL (or TLS)
Typically on port 443 (regular HTTP on port 80)
SSL was originally developed by Netscape and subsequently became the Internet standard known as TLS (Transport Layer Security).
53. SSL Record Protocol provides two services.
Message integrity
◦ using a MAC (Message Authentication Code) with a shared secret key
◦ similar to HMAC (Hash-based Message Authentication Code) but with different padding
◦ hash functions: MD5 (Message Digest), SHA-1 (Secure Hash Algorithm)
Message confidentiality
◦ using symmetric encryption with a shared secret key
◦ encryption algorithms: AES, DES, 3DES, RC4
55. SSL Roles:
The Secure Sockets Layer protocol defines two different roles for the communicating parties.
One system is always a client, while the other is a server.
The distinction is very important, because SSL requires the two systems to behave very differently.
The client is the system that initiates the secure communications; the server responds to the client's request.
In the most common use of SSL, secure Web browsing, the Web browser is the SSL client and the Web site is the SSL server.
56. SSL 1.0
◦ Internal Netscape design, early 1994?
◦ Lost in the mists of time
SSL 2.0
◦ Published by Netscape, November 1994
◦ Badly broken
SSL 3.0
◦ Designed by Netscape and Paul Kocher, November 1996
TLS 1.0
◦ Internet standard based on SSL 3.0, January 1999
57. [Figure (source: Web Security); recoverable labels: SYMMETRIC, ASYMMETRIC, SECURE TRANSMISSION BEGINS HERE]
58. Reference Text Books:
1. W. Stallings, Network Security Essentials: Applications & Standards, 4th edition, Prentice Hall, 2003.
2. C. Easttom, Computer Security Fundamentals, Prentice Hall, May 2005.
3. D. Russell and G. T. Gangemi, Computer Security Basics, O'Reilly & Associates, 1991.
4. M. Bishop, Computer Security: Art and Science, Addison-Wesley, 2002.
5. S. A. Thomas, SSL and TLS Essentials: Securing the Web, Wiley, 2000.