Cryptography and Network Security
Module 3
Very short, Short & Long Type Questions Solution Model
1. Why does PGP generate a signature before applying compression? The signature is generated before compression due to 2 reasons: It is preferable to sign an uncompressed message so that one can store only the uncompressed message together with the signature for future.
- Write the four SSL Protocols.
- SSL Handshake protocol
- SSL Change cipher spec. protocol
- SSL Alert Protocol
- SSL Record Protocol
- What is meant by S/MIME? S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for public key encryption and signing of MIME data. S/MIME is on an IETF standards track and defined in a number of documents, most importantly RFCs (3369, 3370, 3850, 3851). S/MIME was originally developed by RSA Data Security Inc. The original specification used the IETF MIME specification with the de facto industry standard PKCS secure message format. Change control to S/MIME has since been vested in the IETF and the specification is now layered on cryptographic message syntax.
- What are the services provided by IPSec? The services provided by IPSec are authentication, confidentiality and key management. Authentication ensures the identity of an entity. Confidentiality is protection of data from unauthorized disclosure. Key management is the generation, exchange, storage, safeguarding, etc. of keys in public-key cryptography.
- What is meant by replay attack? A replay attack (also known as playback attack) is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution (such as stream cipher attack).
- What is the difference between an SSL connection and SSL session? Connection: A connection is a transport that provides a suitable type of service. For SSL, such connections are peer-to-peer relationships. The connections are transient. Every connection is associated with one session. Session: An SSL session is an association between a client and a server. Sessions are created by the Handshake Protocol. Sessions define a set of cryptographic security parameters, which can be shared among multiple connections. Sessions are used to avoid the expensive negotiation of new security parameters for each connection.
- Why does ESP include a padding field? The ciphertext needs to end on an eight-octet boundary so that the Authentication Data field is properly aligned in the packet. This is what the protocol expects, and if a packet doesn't follow the rules, it is considered to contain an error. It's like English or other languages: we expect sentences to end with a period so we know where one sentence ends and the next begins.
- What is the problem that Kerberos addresses? The problem that Kerberos addresses is this: Assume an open distributed environment in which users at workstations wish to access services on servers distributed throughout the network. We would like for servers to be able to restrict access to authorized users and to be able to authenticate requests for service. In this environment a workstation cannot be trusted to identify its users correctly to network services.
- What is meant by the function of a compression function in a hash function? The hash function involves repeated use of a compression function. The motivation is that if the compression function is collision resistant, then the hash function is also collision resistant. So a secure hash function can be produced.
- How is signed data entity of S/MIME prepared? Secure/Multipurpose Internet Mail Extension is a security enhancement to the MIME Internet e-mail format standard, based on technology from RSA Data Security. It is able to sign and/or encrypt messages.
- What are the services provided by IPSec?
over. Types of virus: boot sector virus, macro virus, multipartite virus, stealth virus.
- What is application level gateway? An application gateway or application level gateway (ALG) is a firewall proxy which provides network security. It filters incoming node traffic to certain specifications, which means that only transmitted network application data is filtered. Such network applications include File Transfer Protocol (FTP), Telnet, Real Time Streaming Protocol (RTSP) and BitTorrent.
- List out the design goals of firewalls.
- All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by physically blocking all access to the local network except via the firewall.
- Only authorized traffic, as defined by the local security policy, will be allowed to pass.
- The firewall itself is immune to penetration. This implies the use of a hardened system with a secured operating system.
- What is meant by intrusion detection system? An intrusion detection system (IDS) is a type of security software designed to automatically alert administrators when someone or something is trying to compromise an information system through malicious activities or through security policy violations. An IDS works by monitoring system activity through examining vulnerabilities in the system, the integrity of files and conducting an analysis of patterns based on already known attacks. It also automatically monitors the Internet to search for any of the latest threats which could result in a future attack.
- What are audit reports? Write its two forms. An information security audit is an audit on the level of information security in an organization. Within the broad scope of auditing information security there are multiple types of audits, multiple objectives for different audits, etc. Most commonly the controls being audited can be categorized as technical, physical and administrative. Auditing information security covers topics from auditing the physical security of data centers to auditing the logical security of databases and highlights key components to look for and different methods for auditing these areas.
- Define − Password Protection
Password protection is defined as a security process that protects information accessible via computers that needs to be protected from certain users. Password protection allows only those with an authorized password to gain access to certain information.
- Define − Malicious Program
Malicious software is defined as software written with the intent of causing some inconvenience to the user of the software. Malicious software in general terms is quite often called a virus; however, there are many other forms of malicious software. Some other types of malicious or potentially malicious software are worms, trojan horses, spyware, and PUPs.
- What is meant by intruder? Access to a network by an unauthorized user is called intrusion, and that user is called an intruder. Classes of intruders: masquerader, misfeasor, clandestine user.
- What is meant by worm? A computer worm is a self-replicating computer program that penetrates an operating system with the intent of spreading malicious code. Worms utilize networks to send copies of the original code to other computers, causing harm by consuming bandwidth or possibly deleting files or sending documents via email. Worms can also install backdoors on computers.
- What is meant by Trojan horse? In computers, a Trojan horse is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage, such as ruining the file allocation table on your hard disk. Trojan horse was a program that was supposed to find and destroy computer viruses. A Trojan horse may be widely redistributed as part of a computer virus.
- What is meant by logic bomb? A logic bomb is a malicious program timed to cause harm at a certain point in time, but is inactive up until that point. A set trigger, such as a preprogrammed date and time, activates a logic bomb. Once activated, a logic bomb implements a malicious code that causes harm to a computer. A logic bomb is also called slag code.
- What are the steps in virus removal process? A virus should be removed from the system by a scanning process. The steps included in this process are,
authentication server whose function is to authenticate users to servers and servers to users. Unlike most other authentication schemes described in this book, Kerberos relies exclusively on symmetric encryption, making no use of public-key encryption. Two versions of Kerberos are in common use. Version 4 [MILL88, STEI88] implementations still exist. Version 5 [KOHL94] corrects some of the security deficiencies of version 4 and has been issued as a proposed Internet Standard (RFC 4120). We begin this section with a brief discussion of the motivation for the Kerberos approach. Then, because of the complexity of Kerberos, it is best to start with a description of the authentication protocol used in version 4. This enables us to see the essence of the Kerberos strategy without considering some of the details required to handle subtle security threats. Finally, we examine version 5. The first published report on Kerberos [STEI88] listed the following requirements.
- Secure: A network eavesdropper should not be able to obtain the necessary information to impersonate a user. More generally, Kerberos should be strong enough that a potential opponent does not find it to be the weak link.
- Reliable: For all services that rely on Kerberos for access control, lack of availability of the Kerberos service means lack of availability of the supported services. Hence, Kerberos should be highly reliable and should employ a distributed server architecture with one system able to back up another.
- Transparent: Ideally, the user should not be aware that authentication is taking place beyond the requirement to enter a password.
- Scalable: The system should be capable of supporting large numbers of clients and servers. This suggests a modular, distributed architecture.

Table 15.1 Summary of Kerberos Version 4 Message Exchanges

(a) Authentication Service Exchange to obtain ticket-granting ticket
(1) C → AS: ID_C || ID_tgs || TS_1
(2) AS → C: E(K_c, [K_{c,tgs} || ID_tgs || TS_2 || Lifetime_2 || Ticket_tgs])
Ticket_tgs = E(K_tgs, [K_{c,tgs} || ID_C || AD_C || ID_tgs || TS_2 || Lifetime_2])

(b) Ticket-Granting Service Exchange to obtain service-granting ticket
(3) C → TGS: ID_v || Ticket_tgs || Authenticator_c
(4) TGS → C: E(K_{c,tgs}, [K_{c,v} || ID_v || TS_4 || Ticket_v])
Ticket_tgs = E(K_tgs, [K_{c,tgs} || ID_C || AD_C || ID_tgs || TS_2 || Lifetime_2])
Ticket_v = E(K_v, [K_{c,v} || ID_C || AD_C || ID_v || TS_4 || Lifetime_4])
Authenticator_c = E(K_{c,tgs}, [ID_C || AD_C || TS_3])

(c) Client/Server Authentication Exchange to obtain service
(5) C → V: Ticket_v || Authenticator_c
(6) V → C: E(K_{c,v}, [TS_5 + 1]) (for mutual authentication)
Ticket_v = E(K_v, [K_{c,v} || ID_C || AD_C || ID_v || TS_4 || Lifetime_4])
Authenticator_c = E(K_{c,v}, [ID_C || AD_C || TS_5])

Table 15.1a shows the technique for distributing the session key. As before, the client sends a message to the AS requesting access to the TGS. The AS responds with a message, encrypted with a key derived from the user’s password (K_c), that contains the ticket. The encrypted message also contains a copy of the session key, K_{c,tgs}, where the subscripts indicate that this is a session key for C and TGS.
Because this session key is inside the message encrypted with K_c, only the user’s client can read it. The same session key is included in the ticket, which can be read only by the TGS. Thus, the session key has been securely delivered to both C and the TGS.

Note that several additional pieces of information have been added to this first phase of the dialogue. Message (1) includes a timestamp, so that the AS knows that the message is timely. Message (2) includes several elements of the ticket in a form accessible to C. This enables C to confirm that this ticket is for the TGS and to learn its expiration time.

Armed with the ticket and the session key, C is ready to approach the TGS. As before, C sends the TGS a message that includes the ticket plus the ID of the requested service (message (3) in Table 15.1b). In addition, C transmits an authenticator, which includes the ID and address of C’s user and a timestamp. Unlike the ticket, which is reusable, the authenticator is intended for use only once and has a very short lifetime. The TGS can decrypt the ticket with the key that it shares with the AS. This ticket indicates that user C has been provided with the session key K_{c,tgs}. In effect, the ticket says, “Anyone who uses K_{c,tgs} must be C.” The TGS uses the session key to decrypt the authenticator. The TGS can then check the name and address from the authenticator with that of the ticket and with the network address of the incoming message. If all match, then the TGS is assured that the sender of the ticket is indeed the ticket’s real owner. In effect, the authenticator says, “At time TS_3, I hereby use K_{c,tgs}.” Note that the ticket does not prove anyone’s identity but is a way to distribute keys securely. It is the authenticator that proves the client’s identity. Because the authenticator can be used only once and has a short lifetime, the threat of an opponent stealing both the ticket and the authenticator for presentation later is countered.

The reply from the TGS in message (4) follows the form of message (2). The message is encrypted with the session key shared by the TGS and C and includes a session key to be shared between C and the server V, the ID of V, and the timestamp of the ticket. The ticket itself includes the same session key.

C now has a reusable service-granting ticket for V. When C presents this ticket, as shown in message (5), it also sends an authenticator. The server can decrypt the ticket, recover the session key, and decrypt the authenticator.

If mutual authentication is required, the server can reply as shown in message (6) of Table 15.1. The server returns the value of the timestamp from the authenticator, incremented by 1, and encrypted in the session key. C can decrypt this message to recover the incremented timestamp. Because the message was encrypted by the session key, C is assured that it could have been created only by V. The contents of the message assure C that this is not a replay of an old reply.

Finally, at the conclusion of this process, the client and server share a secret key. This key can be used to encrypt future messages between the two or to exchange a new random session key for that purpose.
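The six messages of Table 15.1, together with the checks the TGS and V make on each ticket and authenticator, as an added example that is not part of the original notes. E() here is a stand-in built from HMAC-SHA256 (Version 4 itself uses DES), the key derivation is a toy, and the names KDC, Server, check, MAX_SKEW and the sample user, password and address are constructed for illustration.

```python
import hashlib
import hmac
import json
import os

LIFETIME = 8 * 3600  # ticket lifetime in seconds (eight hours, as an example value)
MAX_SKEW = 300       # assumed freshness window for timestamps, in seconds

def _stream(key, nonce, n):
    return b"".join(hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def E(key, fields):
    """Stand-in for E(K, [...]): XOR keystream plus MAC (Version 4 itself uses DES)."""
    pt, nonce = json.dumps(fields).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return (nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()).hex()

def D(key, blob):
    raw = bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or altered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def password_key(password):
    return hashlib.sha256(password.encode()).digest()  # toy derivation of K_c

def check(ticket_key, ticket, authenticator, src_addr, now, seen):
    """Checks made by the TGS on message (3) and by V on message (5)."""
    k_sess, id_c, ad_c, _target, ts, lifetime = D(ticket_key, ticket)
    if not ts <= now <= ts + lifetime:
        raise ValueError("ticket expired")
    a_id, a_ad, a_ts = D(bytes.fromhex(k_sess), authenticator)
    if (a_id, a_ad) != (id_c, ad_c) or a_ad != src_addr:
        raise ValueError("authenticator does not match ticket or source address")
    if abs(now - a_ts) > MAX_SKEW:
        raise ValueError("stale authenticator")
    if (a_id, a_ad, a_ts) in seen:          # single use: remember what was accepted
        raise ValueError("replayed authenticator")
    seen.add((a_id, a_ad, a_ts))
    return k_sess, id_c, ad_c, a_ts

class KDC:
    """AS and TGS together; they share K_tgs."""
    def __init__(self, passwords, service_keys):
        self.k_tgs = os.urandom(32)
        self.k_c = {u: password_key(p) for u, p in passwords.items()}
        self.k_v, self.seen = service_keys, set()

    def as_exchange(self, id_c, ad_c, id_tgs, ts1, now):            # messages (1), (2)
        if abs(now - ts1) > MAX_SKEW:
            raise ValueError("request not timely")
        k_c_tgs = os.urandom(32).hex()  # session keys travel inside messages as hex
        ticket_tgs = E(self.k_tgs, [k_c_tgs, id_c, ad_c, id_tgs, now, LIFETIME])
        return E(self.k_c[id_c], [k_c_tgs, id_tgs, now, LIFETIME, ticket_tgs])

    def tgs_exchange(self, id_v, ticket_tgs, auth, src_addr, now):  # messages (3), (4)
        k_c_tgs, id_c, ad_c, _ = check(self.k_tgs, ticket_tgs, auth, src_addr, now, self.seen)
        k_c_v = os.urandom(32).hex()
        ticket_v = E(self.k_v[id_v], [k_c_v, id_c, ad_c, id_v, now, LIFETIME])
        return E(bytes.fromhex(k_c_tgs), [k_c_v, id_v, now, ticket_v])

class Server:
    def __init__(self, k_v):
        self.k_v, self.seen = k_v, set()

    def accept(self, ticket_v, auth, src_addr, now):                # messages (5), (6)
        k_c_v, _, _, ts5 = check(self.k_v, ticket_v, auth, src_addr, now, self.seen)
        return E(bytes.fromhex(k_c_v), [ts5 + 1])

def rejected(fn, *args):
    """Return the refusal reason, or None if the call was accepted."""
    try:
        fn(*args)
    except ValueError as exc:
        return str(exc)
    return None

def run_exchange(now=1_700_000_000):
    """Client side of Table 15.1 with a constructed user, password and address."""
    k_v, addr = os.urandom(32), "10.0.0.5"
    kdc, v = KDC({"alice": "correct horse"}, {"fileserver": k_v}), Server(k_v)
    msg2 = kdc.as_exchange("alice", addr, "tgs", now, now)
    k_c_tgs, _, _, _, ticket_tgs = D(password_key("correct horse"), msg2)
    auth3 = E(bytes.fromhex(k_c_tgs), ["alice", addr, now])
    msg4 = kdc.tgs_exchange("fileserver", ticket_tgs, auth3, addr, now)
    k_c_v, _, _, ticket_v = D(bytes.fromhex(k_c_tgs), msg4)
    auth5 = E(bytes.fromhex(k_c_v), ["alice", addr, now + 1])
    msg6 = v.accept(ticket_v, auth5, addr, now + 1)
    return {"v": v, "msg2": msg2, "ticket_v": ticket_v, "auth5": auth5, "addr": addr,
            "now": now, "mutual_ok": D(bytes.fromhex(k_c_v), msg6) == [now + 2]}

if __name__ == "__main__":
    r = run_exchange()
    print("mutual authentication:", r["mutual_ok"])
    print("replay:", rejected(r["v"].accept, r["ticket_v"], r["auth5"], r["addr"], r["now"] + 1))
```

A captured Ticket_v and Authenticator_c pair presented a second time, from another address, after the freshness window, or after the ticket lifetime is refused at a different check each time, which is how the single-use authenticator and the timestamped ticket divide the work.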
PGP has grown explosively and is now widely used. A number of reasons can be cited for this growth.
- It is available free worldwide in versions that run on a variety of platforms, including Windows, UNIX, Macintosh, and many more. In addition, the commercial version satisfies users who want a product that comes with vendor support.
- It is based on algorithms that have survived extensive public review and are considered extremely secure. Specifically, the package includes RSA, DSS, and Diffie-Hellman for public-key encryption; CAST-128, IDEA, and 3DES for symmetric encryption; and SHA-1 for hash coding.
- It has a wide range of applicability, from corporations that wish to select and enforce a standardized scheme for encrypting files and messages to individuals who wish to communicate securely with others worldwide over the Internet and other networks.
- It was not developed by, nor is it controlled by, any governmental or standards organization. For those with an instinctive distrust of “the establishment,” this makes PGP attractive.
- PGP is now on an Internet standards track (RFC 3156; MIME Security with OpenPGP). Nevertheless, PGP still has an aura of an antiestablishment endeavor.

SSL is designed to make use of TCP to provide a reliable end-to-end secure service. SSL is not a single protocol but rather two layers of protocols, as illustrated in Figure 16.2. The SSL Record Protocol provides basic security services to various higher-layer protocols. In particular, the Hypertext Transfer Protocol (HTTP), which provides the transfer service for Web client/server interaction, can operate on top of SSL. Three higher-layer protocols are defined as part of SSL: the Handshake Protocol, the Change Cipher Spec Protocol, and the Alert Protocol. These SSL-specific protocols are used in the management of SSL exchanges and are examined later in this section. Two important SSL concepts are the SSL session and the SSL connection, which are defined in the specification as follows.
- Connection: A connection is a transport (in the OSI layering model definition) that provides a suitable type of service. For SSL, such connections are peer-to-peer relationships. The connections are transient. Every connection is associated with one session.
- Session: An SSL session is an association between a client and a server. Sessions are created by the Handshake Protocol. Sessions define a set of cryptographic security parameters which can be shared among multiple connections. Sessions are used to avoid the expensive negotiation of new security parameters for each connection.

Between any pair of parties (applications such as HTTP on client and server), there may be multiple secure connections. In theory, there may also be multiple simultaneous sessions between parties, but this feature is not used in practice. There are a number of states associated with each session. Once a session is established, there is a current operating state for both read and write (i.e., receive and send). In addition, during the Handshake Protocol, pending read and write states are created. Upon successful conclusion of the Handshake Protocol, the pending states become the current states. A session state is defined by the following parameters.
- Session identifier: An arbitrary byte sequence chosen by the server to identify an active or resumable session state.
- Peer certificate: An X509.v3 certificate of the peer. This element of the state may be null.
- Compression method: The algorithm used to compress data prior to encryption.
- Cipher spec: Specifies the bulk data encryption algorithm (such as null, AES, etc.) and a hash algorithm (such as MD5 or SHA-1) used for MAC calculation. It also defines cryptographic attributes such as the hash_size.
- Master secret: 48-byte secret shared between the client and server.
- Is resumable: A flag indicating whether the session can be used to initiate new connections.

A connection state is defined by the following parameters.
- Server and client random: Byte sequences that are chosen by the server and client for each connection.
- Server write MAC secret: The secret key used in MAC operations on data sent by the server.
- Client write MAC secret: The secret key used in MAC operations on data sent by the client.
- Server write key: The secret encryption key for data encrypted by the server and decrypted by the client.
- Client write key: The symmetric encryption key for data encrypted by the client and decrypted by the server.
- Initialization vectors: When a block cipher in CBC mode is used, an initialization vector (IV) is maintained for each key. This field is first initialized by the SSL Handshake Protocol. Thereafter, the final ciphertext block from each record is preserved for use as the IV with the following record.
- Sequence numbers: Each party maintains separate sequence numbers for transmitted and received messages for each connection. When a party sends or receives a change cipher spec message, the appropriate sequence number is set to zero. Sequence numbers may not exceed 2^64 – 1.

S/MIME Messages
S/MIME makes use of a number of new MIME content types, which are shown in Table 18.7. All of the new application types use the designation PKCS. This refers to a set of public-key cryptography specifications issued by RSA Laboratories and made available for the S/MIME effort. We examine each of these in turn after first looking at the general procedures

To recover the encrypted message, the recipient first strips off the base64 encoding. Then the recipient’s private key is used to recover the session key. Finally, the message content is decrypted with the session key.

SIGNEDDATA
The signedData smime-type can be used with one or more signers. For clarity, we confine our description to the case of a single digital signature. The steps for preparing a signedData MIME entity are
- Select a message digest algorithm (SHA or MD5).
- Compute the message digest (hash function) of the content to be signed.
- Encrypt the message digest with the signer’s private key.
- Prepare a block known as SignerInfo that contains the signer’s public-key certificate, an identifier of the message digest algorithm, an identifier of the algorithm used to encrypt the message digest, and the encrypted message digest.

The signedData entity consists of a series of blocks, including a message digest algorithm identifier, the message being signed, and SignerInfo. The signedData entity may also include a set of public-key certificates sufficient to constitute a chain from a recognized root or top-level certification authority to the signer. This information is then encoded into base64. A sample message (excluding the RFC 5322 headers) is

Content-Type: application/pkcs7-mime; smime-type=signeddata; name=smime.p7m
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7m

567GhIGfHfYT6ghyHhHUujpfyF4f8HHGTrfvhJhjH776tbB9HG4VQbnj
77n8HHGT9HG4VQpfyF467GhIGfHfYT6rfvbnj756tbBghyHhHUujhJhjH
HUujhJh4VQpfyF467GhIGfHfYGTrfvbnjT6jH7756tbB9H7n8HHGghyHh
6YT64V0GhIGfHfQbnj

To recover the signed message and verify the signature, the recipient first strips off the base64 encoding. Then the signer’s public key is used to decrypt the message digest. The recipient independently computes the message digest and compares it to the decrypted message digest to verify the signature.

CLEAR SIGNING
Clear signing is achieved using the multipart content type with a signed subtype. As was mentioned, this signing process does not involve transforming the message to be signed, so that the message is sent “in the clear.” Thus, recipients with MIME capability but not S/MIME capability are able to read the incoming message. A multipart/signed message has two parts.
The first part can be any MIME type but must be prepared so that it will not be altered during transfer from source to destination. This means that if the first part is not 7bit, then it needs to be encoded using base64 or quoted-printable. Then this part is processed in the same manner as signedData, but in this case an object with signedData format is created that has an empty message content field. This object is a detached signature. It is then transfer encoded using base64 to become the second part of the multipart/signed message. This second part has a MIME content type of application and a subtype of pkcs7-signature. Here is a sample message:

Content-Type: multipart/signed; protocol="application/pkcs7-signature";
micalg=sha1; boundary=boundary42

--boundary42
Content-Type: text/plain

This is a clear-signed message.

--boundary42
Content-Type: application/pkcs7-signature; name=smime.p7s
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7s

ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfHfYT
4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbB9HGTrfvbnj
n8HHGTrfvhJhjH776tbB9HG4VQbnj7567GhIGfHfYT6ghyHhHUujpfyF
7GhIGfHfYT64VQbnj

--boundary42--

The protocol parameter indicates that this is a two-part clear-signed entity. The micalg parameter indicates the type of message digest used. The receiver can verify the signature by taking the message digest of the first part and comparing this to the message digest recovered from the signature in the second part.

REGISTRATION REQUEST
Typically, an application or user will apply to a certification authority for a public-key certificate. The application/pkcs10 S/MIME entity is used to transfer a certification request. The certification request includes a certificationRequestInfo block, followed by an identifier of the public-key encryption algorithm, followed by the signature of the certificationRequestInfo block made using the sender’s private key. The certificationRequestInfo block includes a name of the certificate subject (the entity whose public key is to be certified) and a bit-string representation of the user’s public key.

CERTIFICATES-ONLY MESSAGE
A message containing only certificates or a certificate revocation list (CRL) can be sent in response to a registration request. The message is an application/pkcs7-mime type/subtype with an smime-type parameter of degenerate. The steps involved are the same as those for creating a signedData message, except that there is no message content and the signerInfo field is empty.
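The receiver's first steps for the multipart/signed layout described above, as an added example that is not part of the original notes: check the two-part structure against the protocol and micalg parameters, then take the digest of the first part exactly as transmitted. It stops before the PKCS #7 signature check itself; the function names are illustrative and the signature bytes in the sample are a constructed placeholder.

```python
import base64
import email
import hashlib

# micalg values mapped to hashlib names; the sample message uses sha1.
MICALG = {"md5": "md5", "sha1": "sha1", "sha-1": "sha1", "sha-256": "sha256"}

def inspect_clear_signed(raw):
    """Validate the two-part layout; return (micalg, digest_hex, signature_bytes)."""
    msg = email.message_from_bytes(raw)
    if msg.get_content_type() != "multipart/signed" or not msg.is_multipart():
        raise ValueError("not a multipart/signed entity")
    protocol = msg.get_param("protocol")
    micalg = str(msg.get_param("micalg", "")).lower()
    if micalg not in MICALG:
        raise ValueError("unknown micalg")
    parts = msg.get_payload()
    if len(parts) != 2:
        raise ValueError("must have exactly two parts")
    if parts[1].get_content_type() != protocol:
        raise ValueError("second part does not match protocol parameter")
    # The digest covers the first part as it appears on the wire (its own
    # headers included), so slice the raw bytes between the two delimiters
    # instead of re-serializing the parsed part.
    delim = b"--" + msg.get_boundary().encode()
    start = raw.index(delim + b"\r\n") + len(delim) + 2
    end = raw.index(b"\r\n" + delim, start)
    digest = hashlib.new(MICALG[micalg], raw[start:end]).hexdigest()
    return micalg, digest, parts[1].get_payload(decode=True)

def sample_message(body=b"This is a clear-signed message."):
    """The page's sample layout with a constructed placeholder in the second part."""
    sig = base64.b64encode(b"constructed placeholder, not a real PKCS #7 object")
    return b"\r\n".join([
        b'Content-Type: multipart/signed; protocol="application/pkcs7-signature";',
        b" micalg=sha1; boundary=boundary42",
        b"",
        b"--boundary42",
        b"Content-Type: text/plain",
        b"",
        body,
        b"--boundary42",
        b"Content-Type: application/pkcs7-signature; name=smime.p7s",
        b"Content-Transfer-Encoding: base64",
        b"Content-Disposition: attachment; filename=smime.p7s",
        b"",
        sig,
        b"--boundary42--",
        b"",
    ])

if __name__ == "__main__":
    print(inspect_clear_signed(sample_message()))
```

The digest returned here is the value a verifier would compare with the digest recovered from the detached signature; any change to the first part in transit, including a re-encoding by a mail relay, changes it.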
- E-MAIL COMPATIBILITY When PGP is used, at least part of the block to be transmitted is encrypted. If only the signature service is used, then the message digest is encrypted (with the sender’s private key). If the confidentiality service is used, the message plus signature (if present) are encrypted (with a one-time symmetric key). Thus, part or all of the resulting block consists of a stream of arbitrary 8-bit octets. However, many electronic mail systems only permit the use of blocks consisting of ASCII text. To accommodate this restriction, PGP provides the service of converting the raw 8-bit binary stream to a stream of printable ASCII characters. The scheme used for this purpose is radix-64 conversion. Each group of three octets of binary data is mapped into four ASCII characters. This format also appends a CRC to detect transmission errors. See Appendix 18A for a description. The use of radix 64 expands a message by 33%. Fortunately, the session key and signature portions of the message are relatively compact, and the plaintext message has been compressed. In fact, the compression should be more than enough to compensate for the radix-64 expansion. For example, [HELD96] reports an average compression ratio of about 2.0 using ZIP. If we ignore the relatively small signature and key components, the typical overall effect of compression and expansion of a file of length would be . Thus, there is still an overall
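The radix-64 conversion and its appended CRC described above, as an added example that is not part of the original notes. It uses the CRC-24 parameters that OpenPGP defines (RFC 4880), omits the armor header and trailer lines, and uses zlib's DEFLATE as a stand-in for PGP's ZIP step; the function names and the sample text are constructed.

```python
import base64
import zlib

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # OpenPGP CRC-24 parameters (RFC 4880)

def crc24(data):
    """CRC-24 over the binary data, computed before radix-64 conversion."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def _crc_line(data):
    return "=" + base64.b64encode(crc24(data).to_bytes(3, "big")).decode()

def armor(data, width=64):
    """Radix-64 body lines followed by the '='-prefixed CRC line."""
    body = base64.b64encode(data).decode()
    lines = [body[i:i + width] for i in range(0, len(body), width)]
    return "\n".join(lines + [_crc_line(data)])

def dearmor(text):
    """Decode the body and refuse it if the CRC line does not match."""
    *body, crc_line = text.split("\n")
    data = base64.b64decode("".join(body), validate=True)
    if crc_line != _crc_line(data):
        raise ValueError("CRC-24 mismatch: armored data was altered in transit")
    return data

def sizes(plaintext):
    """(plaintext, compressed, armored) lengths: compression first, then radix-64."""
    compressed = zlib.compress(plaintext, 9)
    return len(plaintext), len(compressed), len(armor(compressed))

# Constructed sample text standing in for a typical mail body.
SAMPLE = b"Meeting moved to 14:00 in room 3; bring the signed contract and key fingerprints.\n" * 20

if __name__ == "__main__":
    text = armor(b"hello radix-64")
    print(text)
    print(dearmor(text))
    print("plaintext, compressed, armored:", sizes(SAMPLE))
```

The CRC only detects accidental damage in transit; it is not keyed, so it gives no protection against deliberate modification, which is the job of the signature.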
An organization maintains LANs at dispersed locations. Nonsecure IP traffic is conducted on each LAN. For traffic offsite, through some sort of private or public WAN, IPsec protocols are used. These protocols operate in networking devices, such as a router or firewall, that connect each LAN to the outside world. The IPsec networking device will typically encrypt and compress all traffic going into the WAN and decrypt and decompress traffic coming from the WAN; these operations are transparent to workstations and servers on the LAN. Secure transmission is also possible with individual users who dial into the WAN. Such user workstations must implement the IPsec protocols to provide security.
- AUTHENTICATION Figure 18.1a illustrates the digital signature service provided by PGP. This is the digital signature scheme discussed in Chapter 13 and illustrated in Figure 13.2. The sequence is as follows.
- The sender creates a message.
- SHA-1 is used to generate a 160-bit hash code of the message.
passwords and a new server, known as the ticket-granting server (TGS). The new (but still hypothetical) scenario is as follows.

Once per user logon session:
(1) C → AS: ID_C || ID_tgs
(2) AS → C: E(K_c, Ticket_tgs)

(3) C → TGS: ID_C || ID_V || Ticket_tgs
(4) TGS → C: Ticket_v

(5) C → V: ID_C || Ticket_v

Ticket_tgs = E(K_tgs, [ID_C || AD_C || ID_tgs || TS_1 || Lifetime_1])
Ticket_v = E(K_v, [ID_C || AD_C || ID_v || TS_2 || Lifetime_2])

The new service, TGS, issues tickets to users who have been authenticated to AS. Thus, the user first requests a ticket-granting ticket (Ticket_tgs) from the AS. The client module in the user workstation saves this ticket. Each time the user requires access to a new service, the client applies to the TGS, using the ticket to authenticate itself. The TGS then grants a ticket for the particular service. The client saves each service-granting ticket and uses it to authenticate its user to a server each time a particular service is requested. Let us look at the details of this scheme:
- The client requests a ticket-granting ticket on behalf of the user by sending its user’s ID to the AS, together with the TGS ID, indicating a request to use the TGS service.
- The AS responds with a ticket that is encrypted with a key that is derived from the user’s password (K_c), which is already stored at the AS. When this response arrives at the client, the client prompts the user for his or her password, generates the key, and attempts to decrypt the incoming message. If the correct password is supplied, the ticket is successfully recovered.

Because only the correct user should know the password, only the correct user can recover the ticket. Thus, we have used the password to obtain credentials from Kerberos without having to transmit the password in plaintext. The ticket itself consists of the ID and network address of the user, and the ID of the TGS. This corresponds to the first scenario. The idea is that the client can use this ticket to request multiple service-granting tickets. So the ticket-granting ticket is to be reusable. However, we do not wish an opponent to be able to capture the ticket and use it. Consider the following scenario: An opponent captures the login ticket and waits until the user has logged off his or her workstation. Then the opponent either gains access to that workstation or configures his workstation with the same network address as that of the victim. The opponent would be able to reuse the ticket to spoof the TGS. To counter this, the ticket includes a timestamp, indicating the date and time at which the ticket was issued, and a lifetime, indicating the length of time for which the ticket is valid (e.g., eight hours). Thus, the client now has a reusable ticket and need not bother the user for a password for each new service request. Finally, note that the ticket-granting ticket is encrypted with a secret key known only to the AS and the TGS. This prevents alteration of the ticket. The ticket is reencrypted with a key based on the user’s password. This assures that the ticket can be recovered only by the correct user, providing the authentication.

Information systems in corporations, government agencies, and other organizations have undergone a steady evolution. The following are notable developments:
- Centralized data processing system, with a central mainframe supporting a number of directly connected terminals
- Local area networks (LANs) interconnecting PCs and terminals to each other and the mainframe
- Premises network, consisting of a number of LANs, interconnecting PCs, servers, and perhaps a mainframe or two
- Enterprise-wide network, consisting of multiple, geographically distributed premises networks interconnected by a private wide area network (WAN)
- Internet connectivity, in which the various premises networks all hook into the Internet and may or may not also be connected by a private WAN

[BELL94b] lists the following design goals for a firewall:
- All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by physically blocking all access to the local network except via the firewall. Various configurations are possible, as explained later in this chapter.
- Only authorized traffic, as defined by the local security policy, will be allowed to pass. Various types of firewalls are used, which implement various types of security policies, as explained later in this chapter.
- The firewall itself is immune to penetration. This implies the use of a hardened system with a secured operating system. Trusted computer systems are suitable for hosting a firewall and often required in government applications.

[SMIT97] lists four general techniques that firewalls use to control access and enforce the site’s security policy. Originally, firewalls focused primarily on service control, but they have since evolved to provide all four:
- Service control: Determines the types of Internet services that can be accessed, inbound or outbound. The firewall may filter traffic on the basis of IP address, protocol, or port number; may provide proxy software that receives and interprets each service request before passing it on; or may host the server software itself, such as a Web or mail service.
- Direction control: Determines the direction in which particular service requests may be initiated and allowed to flow through the firewall.
- User control: Controls access to a service according to which user is attempting to access it. This feature is typically applied to users inside the firewall perimeter (local users). It may also be applied to incoming traffic from external users; the latter requires some form of secure authentication technology, such as is provided in IPsec (Chapter 19).
- Behavior control: Controls how particular services are used. For example, the firewall may filter e-mail to eliminate spam, or it may enable external access to only a portion of the information on a local Web server.

Before proceeding to the details of firewall types and configurations, it is best to summarize what one can expect from a firewall. The following capabilities are within the scope of a firewall:
- A firewall defines a single choke point that keeps unauthorized users out of the protected network, prohibits potentially vulnerable services from entering or leaving the network, and provides protection from various kinds of IP spoofing and routing attacks. The use of a single choke point simplifies security management because security capabilities are consolidated on a single system or set of systems.
- A firewall provides a location for monitoring security-related events. Audits and