CHAPTER ONE
INTRODUCTION
1.1 Introduction
Security on the Internet and on Local Area Networks is now at the forefront of computer network related issues. With the evolution of networking and the Internet, the threats to information and networks have risen dramatically. Many of these threats have become cleverly executed attacks that cause damage or commit theft. The Internet continues to grow exponentially. As personal, government and business-critical applications become more prevalent on the Internet, there are many immediate benefits. However, these network-based applications and services can pose security risks to individuals as well as to the information resources of companies and government. In many cases, the rush to get connected comes at the expense of adequate network security. Information is an asset that must be protected. Without adequate protection or network security, many individuals, businesses, and governments are at risk of losing that asset. Network security is the process by which digital information assets are protected; the goals of security are to protect confidentiality, maintain integrity, and assure availability. With this in mind, it is imperative that all networks be protected from threats and vulnerabilities in order for a business to achieve its fullest potential. Typically, these threats are persistent due to vulnerabilities, which can arise from misconfigured hardware or software, poor network design, inherent technology weaknesses, or end-user carelessness. A router is similar to many computers in that it has many services enabled by default. Many of these services are unnecessary and may be used by an attacker for information gathering or for exploitation. All unnecessary services should be disabled in the router configuration to prevent an attacker from using them to damage the network or to steal important information or network device configurations. This project reviews attacks on routers and describes how they can be prevented or mitigated.
Routers and firewalls are critical parts of network operations and network security. Careful management and diligent auditing of router and firewall operations can reduce network downtime, improve security, prevent attacks by hackers, decrease network threats, and aid in the analysis of suspected security breaches.
1.2 Background of the Study
Security has one purpose: to protect assets. With the advent of personal computers, LANs, and the wide-open world of the Internet, the networks of today are more open. As e-business and Internet applications continue to grow, finding the balance between being isolated and being open will be critical. With the increased number of LANs and personal computers, the Internet began to create untold numbers of security risks. Firewall devices, which are software or hardware that enforce an access control policy between two or more networks, were introduced. This technology gave businesses a balance between security and simple outbound access to the Internet, which was mostly used for e-mail and Web surfing. Network security is the most vital component in information security because it is responsible for securing all information passed through networked computers. Network security refers to all hardware and software functions, characteristics, features, operational procedures, accountability measures, access controls, and administrative and management policy required to provide an acceptable level of protection for hardware, software, and information in a network. To be successful in preventing information loss, network security must follow three fundamental precepts. First, a secure network must have integrity, such that all of the information stored therein is always correct and protected against fortuitous data corruption as well as willful alterations. Next, to secure a network there must be confidentiality, or the ability to share information on the network with only those people for whom the viewing is intended. Finally, network security requires availability of information to its necessary recipients at the predetermined times without exception. The three principles that network security must adhere to evolved from years of practice and experimentation that make up network history.
Real-world security includes prevention, detection, and response. If the prevention mechanisms were perfect, you wouldn’t need detection and response. But no prevention mechanism is perfect. Without detection and response, the prevention mechanisms only have limited value. Detection and response are not only more cost effective but also more effective than piling on more prevention. On the Internet, this translates to monitoring. In network protection, there are fortunately many preventative techniques to properly secure a network against threats. The first method of protection is to address the actual physical layer of the network to assure that it is properly equipped. Next, three network administrative guidelines should be adhered to. Additionally, firewalls and encryption should be incorporated into a network to heighten its security.
Finally, several other passwords, variations of capital and small letters further increase the strength of a password. Proper authentication is an integral part of the administrative step in securing a network. Firewalls are yet another measure used in increasing the level of security in a network. A firewall is in essence a portal through which information enters and exits.
On one side of the portal is the internal network that must remain secure, and on the other is the information needed from the outside world combined with the undesirable threats of external networks. Three of the major types of firewalls, listed in order of increasing quality and price, are packet-filtering routers, application-level gateways, and circuit-level gateways. Although it is not the best available firewall, a positive step in increasing network security is the use of packet-filtering routers. A packet-filtering router allows the network to determine which connections can pass through the router into the local area network and which connections will be denied. The application-level gateway is designed specifically as a firewall that authenticates the user for individual applications. Its primary function is to identify and validate the user and then provide access to specific applications such as e-mail or file browsers, depending on which one the user is requesting. Finally, a circuit-level gateway performs all of the packet filtering that a router does and a bit more. The primary enhancement is the use of identification and authentication before an insider can access your in-house network.
Emerging applications like electronic commerce and secure communications over open networks have made clear the fundamental role of public key cryptography as a unique security solution. On the other hand, these solutions clearly expose the fact that the protection of private keys is a security bottleneck in these sensitive applications. This problem is made worse in cases where a single, unchanged private key must be kept secret for a very long time (such is the case of certification authority keys and e-cash keys).
When classified information is sent electronically from one individual to another, some form of encryption must be used to protect the information from prying eyes. Because internet technology relies on the transmission of data through the public domain, this encryption is absolutely essential to preserving the security of electronically-transmitted information. Public key encryption, which was first developed in the 1970s, has gradually come to dominate the “cryptology market” because of its innate advantages over private-key methods of encrypting data; unlike its counterpart, public key encryption does not require that individuals share a secret key.
Although public key encryption algorithms such as RSA (Rivest et al, 1977) have achieved universal acceptance in the modern cryptology arena, they remain vulnerable to many potential security threats. For example, because public key encryption involves the “receiver” providing a public key to any “senders” who wish to send him confidential information (the receiver uses a different, private key to decrypt the data), it is entirely possible for a devious individual to send an encrypted message to the receiver that appears to have been sent from someone else; after all, the public key used to encrypt this message is fully available to everyone. In other words, when constructed improperly, public encryption systems such as RSA do not intrinsically protect against false sender identification.
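The point about false sender identification can be seen in a short added example (not part of the original text). It uses constructed toy RSA keys built from small Mersenne primes with no padding, and the names RECEIVER, ALICE, MALLORY and receive are hypothetical; each dict also holds the private exponent only to keep the sketch short.

```python
import hashlib

# Constructed toy keys from small Mersenne primes, no padding: illustration only.
def make_key(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e, "d": pow(e, -1, phi)}

RECEIVER = make_key(2**89 - 1, 2**107 - 1)
ALICE = make_key(2**61 - 1, 2**127 - 1)
MALLORY = make_key(2**31 - 1, 2**61 - 1)

def to_int(data: bytes) -> int:
    return int.from_bytes(data, "big")

def encrypt_for(receiver, msg: bytes) -> int:
    """Anyone can do this: it uses only the receiver's public (n, e)."""
    m = to_int(msg)
    if m >= receiver["n"]:
        raise ValueError("message too long for the toy modulus")
    return pow(m, receiver["e"], receiver["n"])

def decrypt(receiver, c: int) -> bytes:
    m = pow(c, receiver["d"], receiver["n"])
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def sign(sender, msg: bytes) -> int:
    """Uses the sender's private d, so only the sender can produce it."""
    h = to_int(hashlib.sha256(msg).digest()) % sender["n"]
    return pow(h, sender["d"], sender["n"])

def verify(sender_pub, msg: bytes, sig: int) -> bool:
    h = to_int(hashlib.sha256(msg).digest()) % sender_pub["n"]
    return pow(sig, sender_pub["e"], sender_pub["n"]) == h

def receive(c: int, sig: int, claimed_sender):
    """Decrypt, then accept only if the signature matches the claimed sender."""
    msg = decrypt(RECEIVER, c)
    return msg if verify(claimed_sender, msg, sig) else None

if __name__ == "__main__":
    msg = b"From Alice: pay 500"            # constructed sample message
    c = encrypt_for(RECEIVER, msg)          # the ciphertext names no sender
    print(decrypt(RECEIVER, c))             # decrypts fine whoever built it
    print(receive(c, sign(MALLORY, msg), ALICE))  # rejected: not Alice's key
    print(receive(c, sign(ALICE, msg), ALICE))    # accepted
```

Encryption alone gives the receiver a readable message with no evidence of origin; the signature check is what ties the message to the holder of Alice's private key.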
1.3 Statement of the Problem
The Network-Based security problem includes lots of buggy and insecure applications. Attackers can infect your system with malware and steal credentials such as credit card details, passwords etc. An example of this is a malware called SilentBanker. It appends itself to your computer and stays silent. Any time your computer makes a web request to port 80 or 443, it monitors the request. Although port 443 is encrypted using SSL, this does not bother the malware. The malware injects malicious JavaScript into the target page so that whenever you type your password for authentication, the password is sent to the attacker. This malware was used to steal a lot of passwords from UK banks.
An attacker can steal your IP address and use it to send spam messages. An attacker does this to protect himself and shift the blame to the person whose computer he uses to send the spam messages. There are organizations that provide Denial of Service as a service. That is, they will attack a web page or web server for a fee. They do this by bombarding the web server or web page with more requests than it can process.
Nowadays, we see the spread of war from physical space to cyberspace. An example of this is the Stuxnet virus (2008), which the NSA and Israeli intelligence agencies used in shutting down Iran’s nuclear power plant. The attackers used four zero-day Windows exploits to infect the computer of the administrator who maintains the nuclear facility. The exploit just sits on your Windows computer and only functions if you have the Siemens PCS 7 SCADA control software on that computer. It waits for you to connect the Siemens controller to the network, and then it affects the network. This malware on the target computers serves as a logic bomb. They used this to attack the nuclear plant, thereby shutting down a billion dollar project with just a piece of malware.
Snowden (2013), an NSA whistleblower, exposed top secret espionage carried out by US and British intelligence agencies, in which they intercept over 80% of web traffic from sites like Facebook, Google, Twitter etc. and store this information to be used for various activities. These revelations, together with the ones from the whistleblowing site WikiLeaks, made us aware of the insecurity of the web, on which we depend so greatly for our daily activities.
More recently, we were made aware that some Nigerian governors use the exploits of the malware firm Hacking Team. Hacking Team is a legal malware company that creates exploits used to attack a variety of devices, ranging from web servers and computers to anything you can think of. This exposes the fact that in Nigeria today there are people who possess these weaponized cyber tools, which can be used to access almost all devices and steal information or plant information for the purpose of implicating the target.
Noting these problems we face in this modern era, we turn to cryptography. Cryptography is used to encrypt data so it can only be read by the person who has the secret key. So, even if an attacker breaks into our system, he cannot decode our information.
1.4 Research Question
The proliferation of Wi-Fi routers makes the researchers confident that a dense enough ad hoc network could be created, but they noted that a lack of unsecured routers would require municipalities to work with citizens to allow the devices to be easily switched into emergency mode. The big question is whether enough citizens would really allow such access, even if security was assured.
1.5 Purpose of Study
Many network security attack/threats today are spread over the Internet. The most common include:
Viruses, worms, and Trojan horses
Spyware and adware
Zero-day attacks, also called zero-hour attacks
Hacker attacks
Denial of service attacks
Data interception and theft
Identity theft etc
Several business activities are faced with disruption, which keeps employees less productive. This is where a Network Based security information system comes into play. Because network based security helps protect your customers' data, it reduces the risk of legal action from data theft.
Over the years, versions of RSA implemented in WEP, HTTP etc. have been broken. This project analyses the security of RSA in WEB, HTTP etc. and also covers attacks on RSA, and at the end designs and implements a version of RSA that is intrusion tolerant.
1.7 Scope of Study
This project covers ITTC (Boneh et al, 1999), an intrusion tolerant application that uses RSA for encryption. ITTC is a project that protects the private keys of web servers and certificate authorities by splitting the server into smaller share servers, so that even if the attacker penetrates a few of the servers he cannot compromise the whole system. I also discussed SITAR (Sargor et al, 2001), a DARPA-funded research project that investigates intrusion tolerance in distributed systems to provide reliable services. I showed some attacks on RSA like the binding attack, common modulus attack etc., and I also analyzed security problems of some versions of RSA like PKCS1 etc. I also showed how to design and implement RSA correctly.
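The idea of splitting a private key across share servers can be sketched as follows. This is an added example, not code from ITTC or from this project; it assumes a simplified additive sharing in which all k share servers take part, uses a constructed toy key with no padding, and all function names are hypothetical.

```python
import secrets

# Constructed toy key (Mersenne primes, no padding): illustration only, not secure.
P, Q, E = 2**89 - 1, 2**107 - 1, 65537
N, PHI = P * Q, (P - 1) * (Q - 1)
D = pow(E, -1, PHI)          # the private exponent that must never sit on one host

def split_exponent(d, phi, k):
    """Split d into k additive shares with sum(shares) == d (mod phi)."""
    shares = [secrets.randbelow(phi) for _ in range(k - 1)]
    shares.append((d - sum(shares)) % phi)
    return shares

def partial_sign(share, m, n):
    """What one share server computes; it never sees d or the other shares."""
    return pow(m, share, n)

def combine(partials, n):
    """Multiply the partial results: m^(d1 + ... + dk) = m^d (mod n)."""
    out = 1
    for s in partials:
        out = out * s % n
    return out

def sign_with_servers(m, shares, n):
    return combine([partial_sign(s, m, n) for s in shares], n)

def verify(m, sig, e, n):
    return pow(sig, e, n) == m % n

if __name__ == "__main__":
    m = 123456789                                   # constructed sample message
    shares = split_exponent(D, PHI, 3)              # one share per share server
    sig = sign_with_servers(m, shares, N)
    print(verify(m, sig, E, N))                     # all three servers: valid
    stolen = shares[:2]                             # attacker holds two servers
    print(verify(m, sign_with_servers(m, stolen, N), E, N))  # not valid
```

Any k-1 shares are uniformly random values modulo phi and reveal nothing about d on their own, which is the property the share-server design relies on.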