Systems and Internet
Infrastructure Security
Network and Security Research Center
Department of Computer Science and Engineering
Pennsylvania State University, University Park PA
Security Basics
CSE598K/CSE545 - Advanced Network Security
Prof. McDaniel - Spring 2008
"We have information, from multiple regions outside the United States,
of cyber intrusions into utilities, followed by extortion demands. We
suspect, but cannot confirm, that some of these attackers had the
benefit of inside knowledge. We have information that cyber attacks
have been used to disrupt power equipment in several regions outside
the United States. In at least one case, the disruption caused a power
outage affecting multiple cities. We do not know who executed these
attacks or why, but all involved intrusions through the Internet."
Network Security
Network security covers a spectrum of security, from host level to larger scopes:
Host Security (Personal Firewalls)
Enterprise Security (VPNs)
Global Security (BGP)
Challenges
The network is ...
administered unevenly and often poorly
hard to change
very simple
unreliable
...
Security Terms
Guarantees
Confidentiality
Integrity
Non-repudiation
Availability
Attacks
Denial of service
Traffic analysis
(eavesdropping)
even the password!
RSH/RCP
Remote shell (rsh) was introduced as a means of
Problems?
Of course both of these models were terrible from a
security standpoint
Users could be asserted
Traffic could be eavesdropped
Passwords could be guessed
SSH
Secure shell (ssh) - an alternate to telnet that looks
Concepts:
Each machine has an identity
recorded by each user
SSH
Server Configuration files
/etc/ssh/ssh_host_key.pub (pub identifies host)
~/.ssh/authorized_keys2 (pub user keys)
Client Configuration files
~/.ssh/known_hosts2 (pub keys of known hosts)
~/.ssh/id_dsa (priv key of user)
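The host-identity check that the known_hosts file supports, as an added example (not code from the lecture or from OpenSSH). It assumes plain, unhashed known_hosts lines of the form "hosts keytype base64key"; the host names and key blobs are constructed placeholders.

```python
import base64
import hashlib

# Constructed sample data: the key blobs are placeholder bytes, not real host keys.
KEY_A = base64.b64encode(b"constructed-host-key-A").decode()
KEY_B = base64.b64encode(b"constructed-host-key-B").decode()
KNOWN_HOSTS = f"""\
# constructed known_hosts content
gateway.example.org,192.0.2.10 ssh-dss {KEY_A}
build.example.org ssh-dss {KEY_B}
"""

def parse_known_hosts(text):
    """Map each host name to the set of (keytype, base64 key) recorded for it."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments and marker lines (@revoked, @cert-authority):
        # this example handles plain entries only.
        if not line or line[0] in "#@":
            continue
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed line: ignore rather than trust
        hosts, keytype, key = fields[0], fields[1], fields[2]
        for host in hosts.split(","):
            table.setdefault(host, set()).add((keytype, key))
    return table

def fingerprint(key_b64):
    """SHA-256 fingerprint in the SHA256:<unpadded base64> style current OpenSSH prints."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host(table, host, keytype, key_b64):
    """Return 'match', 'unknown' (no key of this type recorded) or 'mismatch'."""
    recorded = {k for t, k in table.get(host, ()) if t == keytype}
    if not recorded:
        return "unknown"   # first contact: the user must decide whether to record it
    # A different key for a known host means a re-keyed server or an impersonator.
    return "match" if key_b64 in recorded else "mismatch"

if __name__ == "__main__":
    table = parse_known_hosts(KNOWN_HOSTS)
    for host, key in [("gateway.example.org", KEY_A), ("gateway.example.org", KEY_B),
                      ("new.example.org", KEY_A)]:
        print(host, fingerprint(key), check_host(table, host, "ssh-dss", key))
```

The "unknown" case is where the user records the machine's identity for the first time; "mismatch" is the case a client should refuse by default.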
SSH Authentication
(1) Client -> Server: SSH_MSG_USERAUTH_REQUEST (user, service ....)
(2) Server -> Client: SSH_MSG_USERAUTH_INFO_REQUEST (user, authtype, prompt, challenge, ...)
(3) Client -> Server: SSH_MSG_USERAUTH_INFO_RESPONSE (user, response, ..)
What it means?
Security model of ssh:
I can configure a .rhosts if you want, but no longer forgeable
Note: you can still use a password if the host is not configured
Can't solve:
Password cracking
Traffic analysis
Covert channels