1. 14.0 Securing a Network
One of the most critical pieces of a network design involves how you’re going to protect your network from attacks. And in this module, we’re going to be considering many different types of attacks that we want to protect ourselves from. And we’re going to arm ourselves with a ton of network security solutions. We’ll cover network security for wired networks, for wireless networks. We’ll take a look at options for user authentication and lots of other network security topics. But to begin our discussion, let’s take a look at network security from a high level in our next video.
2. 14.1 General Security and Availability Issues
In this video we want to take a look at some security goals that we have for our network and some ways to achieve those goals. First up, what goals do we have? Well, it breaks down to three primary goals. Number one, confidentiality. If someone were to attach a sniffer to our network as an example, and they started capturing packets, we don’t want them to be able to interpret any data they capture. The way that we can prevent that is through encryption: we can scramble up the data. So even if they do capture it, they’re not going to be able to make any sense of it because it’s all scrambled up. But we’ll have the legitimate participants in that conversation have a key which can unlock that encryption. That key can be used to decrypt the data so the appropriate party can read the data, but an untrusted third party cannot read the data.
We’re also concerned with integrity. Integrity is making sure that the file is not corrupted or modified in transit. Imagine you’re making a bank deposit and somebody alters your data so that your money goes to a different bank account. You don’t want that. And we’ll take a look in this video at how we can use essentially a digital fingerprint to make sure data has not been modified. And finally there is availability. If we had a malicious user bring a server down or make it unusable, that could do a lot of damage to our company. You’ve heard the saying that time is money. Well, that is very true in this e-commerce world. We want to make sure our network stays up and available. First, let’s consider the confidentiality security goal and some different ways that we might accomplish that.
We could use firewalls, and a firewall is an appliance. Or sometimes we could run a firewall on a router. But this device typically sits at the edge of our network between our network and somebody else’s network, such as the Internet. And firewalls can be set up to do something called stateful inspection. In other words, if I initiate a session with a web server from inside the trusted organization, the firewall can see that outgoing traffic to the Internet and realize this session was initiated inside of the trusted network. And when the return traffic comes back from the web server, the firewall, because of its stateful inspection, is going to be able to recognize that return traffic as being part of the session that was initiated on the inside of the trusted network.
But if somebody out on the Internet tried to initiate a session, the firewall could block that. Something else we could do is use a series of access control lists, or ACLs. Or sometimes you hear that pronounced as “ackles.” And an ACL is a set of rules. It’s a set of access control entries which permit or deny specific traffic from a specified source to a specified destination. For example, maybe we only wanted to access our Linux host using Secure Shell, not Telnet. Well, we could block Telnet as an example. And a third way of providing confidentiality, and the main focus when it comes to confidentiality in this video, is encryption. And I say that because there are other videos in this course where we discuss firewalls and access control lists in more depth.
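The stateful inspection and ACL behaviour just described, as an added simulation that is not part of the video: the firewall records sessions started from the trusted side so their return traffic is recognised, while sessions started from the outside are judged by a constructed ACL that permits SSH to the Linux host (assumed address 10.0.0.5) and denies Telnet. The addresses and ports are constructed sample values.

```python
from collections import namedtuple

# Constructed packets: direction is "out" (trusted network to Internet) or "in".
Packet = namedtuple("Packet", "src sport dst dport proto direction")

# Constructed ACL for the video's example: reach the Linux host (10.0.0.5) with SSH, not Telnet.
# Each access control entry is (action, protocol, source, destination, destination port);
# "any" is a wildcard, the first match wins, and anything unmatched hits the implicit deny.
ACL = [
    ("permit", "tcp", "any", "10.0.0.5", 22),
    ("deny",   "tcp", "any", "10.0.0.5", 23),
]

def acl_lookup(acl, pkt):
    for action, proto, src, dst, dport in acl:
        if (proto in ("any", pkt.proto) and src in ("any", pkt.src)
                and dst in ("any", pkt.dst) and dport in ("any", pkt.dport)):
            return action
    return "deny"    # implicit deny at the end of every ACL

class StatefulFirewall:
    """Remembers sessions initiated from the inside so their return traffic is recognised."""
    def __init__(self, acl):
        self.acl = acl
        self.sessions = set()

    def filter(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if pkt.direction == "out":
            self.sessions.add(fwd)            # state table entry for the outgoing session
            return "permit"
        if rev in self.sessions:
            return "permit:return"            # return traffic for a session we started
        return acl_lookup(self.acl, pkt)      # an outsider trying to start a session

def run_demo():
    fw = StatefulFirewall(ACL)
    packets = [
        Packet("10.0.0.20", 51000, "203.0.113.10", 80, "tcp", "out"),   # browser to web server
        Packet("203.0.113.10", 80, "10.0.0.20", 51000, "tcp", "in"),    # the web server's reply
        Packet("198.51.100.9", 4000, "10.0.0.20", 80, "tcp", "in"),     # unsolicited, from outside
        Packet("198.51.100.9", 4001, "10.0.0.5", 22, "tcp", "in"),      # SSH to the Linux host
        Packet("198.51.100.9", 4002, "10.0.0.5", 23, "tcp", "in"),      # Telnet to the Linux host
    ]
    return [fw.filter(p) for p in packets]
```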
But in this video, we’re going to dive a little bit deeper into encryption. How do we scramble up the data so that if it is intercepted, it’s not going to be intelligible to that bad actor that intercepted the data? And there are two broad categories of encryption I want you to know about. The first one is symmetric encryption. Now, symmetric means that the source and the destination for this encrypted traffic are going to have a symmetric key. And a key is a big long string of data that can be used to unlock or decrypt our encrypted data. And a symmetric key means the source and the destination have the same key. It’s called a shared secret key. And you might wonder how we get that shared secret key to those different devices. Well, one way is to do it out of band, where maybe we call somebody up on the phone and we have them enter this shared secret key.
Or we give it to somebody on a USB flash drive as an example. But somehow the source and destination have the same shared secret key, and it’s able to encrypt and decrypt the data. And it’s very, very fast. And there are a few different encryption algorithms that use symmetric keys I want you to know about. The first one is DES. That stands for Data Encryption Standard. And this is a very old one. This is no longer considered secure. This was developed back in the mid 1970s and it uses a 56-bit key. More secure than DES is something called Triple DES, written 3DES. This was developed in the late 1990s. It uses three 56-bit keys for a total of 168 bits. And it is considered to be more secure than DES. However, that really depends on how we implement Triple DES.
It can be implemented in different ways. One way to do this implementation is to have all three of those 56-bit keys be different. There’s another way where two of the keys could be the same and one is different. Or you could have all three be the same 56-bit key. That’s going to give us backwards compatibility with DES, but it’s not terribly secure. But Triple DES overall is considered more secure than DES. However, today sort of the flagship encryption algorithm that we’re going to be turning to most often is AES. That’s the Advanced Encryption Standard. This was released back in 2001 and it can use a variety of key lengths. For example, it could use a 128-bit key, a 192-bit key, or a 256-bit key.
And the more bits, the more secure the key. And this is what is widely used on our networks today, including wireless networks. Now let’s contrast symmetric keys with asymmetric keys. Asymmetric keys are different. They’re asymmetric. In other words, the source and the destination in this conversation can have different keys. And we’re going to walk through an example of how that works. We’ll pretend that we’re going to go buy something on Amazon.com and we’ll see how that asymmetric key works. And the algorithm that is typically used is called RSA. And those are the initials of the developers of this algorithm: Rivest, Shamir, and Adleman. But first, let’s take a look at symmetric encryption.
Here, the client wants to send traffic confidentially to the server. Well, it’s going to have a shared key. That key is shared with the server. They have the same key, and the client is going to scramble the data up using that shared secret key. The server can then take its key, which matches, and it can decrypt that data. Again, this happens very rapidly. Asymmetric encryption is much slower, but it can be more flexible, because we still have the challenge of how we get this shared secret key onto these two different devices. So let’s take a look at a common example of asymmetric encryption. And in this example, we’ll pretend that we’re going to go out to Amazon.com to buy something.
And notice in this topology on the Internet, we have a server labeled CA. Now, that stands for a certificate authority, or some literature calls that a certification authority. But that CA is a trusted third party. We know that if that CA says that something sent from Amazon is really from Amazon, we can trust it. Let’s go through the steps of how this happens. Amazon is going to have a digital certificate, typically an X.509 version 3 digital certificate. And that digital certificate it got from a trusted third party, let’s just pretend it’s VeriSign. There are many different companies out there. That’s the first one that comes to mind, though. Let’s pretend that they got this digital certificate from the CA. In other words, the trusted third party of VeriSign.
And when they’re given this digital certificate, they receive two keys, a public key and a private key. Here’s how they work. If I encrypt something with the public key, it can only be decrypted with the private key. And if something is encrypted with the private key, it can only be decrypted with the public key. Now the public key I will make freely available to the public. But the private key, I’m going to keep that private. I’m not going to give that to anyone. So let’s see how this can play into this secure connection. The client wants to buy something from Amazon.com, and to do that, it wants a secure connection to enter credit card information.
So we communicate to Amazon.com that we would like to have a secure communication with them so that we can buy something. And Amazon.com says, all right, here’s how we’re going to do this. Take a look at my digital certificate. And the server sends the digital certificate to the client. Now, this digital certificate contains Amazon’s public key. Remember that the public key is available to the public, to whoever wants it. But I want to make sure that this certificate really did come from Amazon, not just somebody claiming to be Amazon. And to do that, I can make sure that it is signed by a trusted third party like VeriSign. We’ll pretend that they are the CA in this example. And when I say signed, I’m talking about encrypted. You see, VeriSign also has a public and private key, and they have encrypted Amazon.com’s digital certificate with their private key, meaning it can only be decrypted with their public key, which, again, they will freely give out to anyone. So we’re going to use the CA’s public key to decrypt this digital certificate that Amazon.com sent us. And if it successfully decrypts that Amazon.com digital certificate, we know that that certificate really did come from Amazon, because we just decrypted it using our CA’s public key. Which brings up the question, how did we get the CA’s public key? It’s built into your web browser. If you dig into your web browser, you may be able to find an area where it shows you the trusted third parties that are known to that browser, and you can go in and look at the digital certificates that are built into your web browser. So VeriSign, as an example, their public key was built into the web browser. So we can use that to check the validity of another digital certificate that we receive that has been signed, in other words, encrypted by the CA’s private key. We can make sure it really is coming from the party that we think we’re communicating with.
So at this point, I have in my possession a validated copy of Amazon.com’s digital certificate, which contains Amazon.com’s public key. So what I’m going to do, as the client, is generate a random string and send it over to Amazon. But before I do that, this big random string, which I’m going to call the session key, I’m going to encrypt with Amazon.com’s public key. That means if somebody were to intercept this communication in transit, they would not be able to see what this session key is that I just created randomly, because they would have to have Amazon.com’s private key to decrypt something that I’ve encrypted with their public key. And Amazon doesn’t give that out.
So this session key is going to be sent over to Amazon.com, and when they get it, they can decrypt it with their private key, which only they are in possession of. And when they decrypt it, suddenly they see this big random string that my computer made that we’ve called the session key. And the reason we say it’s a session key is that it’s going to be valid for the duration of this session. But do you see what’s happened here? We now have a shared secret key. The client and the server have a symmetric key. They’re the same. And this key, the session key we’re calling it, is going to be used for the duration of this session. And we mentioned that symmetric encryption was a lot faster than asymmetric encryption. Well, now we can switch over to symmetric encryption.
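The whole exchange just walked through (CA signs the certificate, client validates it with the CA public key, client seals a random session key with the server public key, both sides switch to symmetric encryption), as an added example that is not part of the video. It uses a constructed textbook RSA with fixed Mersenne primes and no padding, a constructed subject name amazon.example, and a SHA-256 keystream standing in for AES; none of that is production cryptography, it only makes the key flow visible.

```python
import hashlib
import json
import secrets

# Toy textbook RSA with fixed Mersenne primes and no padding: constructed for illustration only.
def rsa_keypair(p, q, e=65537):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))          # private exponent (Python 3.8+)
    return (n, e), (n, d)                      # (public key, private key)

def rsa_apply(key, m):
    """Encrypt with a public key, or decrypt/sign with a private key."""
    n, exp = key
    return pow(m, exp, n)

def cert_digest(cert, n):
    """SHA-256 fingerprint of the certificate contents, reduced into the key's range."""
    data = json.dumps(cert, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def ca_issue(ca_priv, subject, server_pub):
    """Step 1: the CA issues a certificate carrying the server's public key and signs it
    (in the video's words, encrypts its fingerprint) with the CA private key."""
    cert = {"subject": subject, "pub": server_pub}
    return cert, rsa_apply(ca_priv, cert_digest(cert, ca_priv[0]))

def client_validate(ca_pub, cert, sig):
    """Step 2: the client 'decrypts' the signature with the CA public key built into the browser."""
    return rsa_apply(ca_pub, sig) == cert_digest(cert, ca_pub[0])

def sym_crypt(session_key, data):
    """Stand-in for AES: XOR with a SHA-256 keystream derived from the shared session key."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(session_key.to_bytes(16, "big") + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def run_session(message, impostor=False):
    """Returns what the server reads, or None if the client rejects the certificate."""
    ca_pub, ca_priv = rsa_keypair(2**61 - 1, 2**89 - 1)
    srv_pub, srv_priv = rsa_keypair(2**107 - 1, 2**127 - 1)
    cert, sig = ca_issue(ca_priv, "amazon.example", srv_pub)
    if impostor:   # someone claiming to be the server swaps in their own public key
        cert = dict(cert, pub=rsa_keypair(2**61 - 1, 2**127 - 1)[0])
    if not client_validate(ca_pub, cert, sig):
        return None
    # Step 3: the client picks a random session key and seals it with the server's public key
    session_key = secrets.randbits(128)
    sealed = rsa_apply(cert["pub"], session_key)
    # Step 4: only the server's private key unseals it; both sides now hold one symmetric key
    server_key = rsa_apply(srv_priv, sealed)
    # Step 5: the fast symmetric cipher carries the rest of the session
    ciphertext = sym_crypt(session_key, message)
    return sym_crypt(server_key, ciphertext)
```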
We used asymmetric encryption just long enough to get symmetric encryption set up to do that key exchange. And now we can use the very fast symmetric encryption. And the second goal we had for security was integrity. We want to make sure that data has not been modified in transit, whether it was accidental or if it was malicious. We want to prevent that from happening or check to make sure it did not happen. And to do that, we’re going to use something called hashing and a hashing algorithm. And we’ll take a look at a couple of those. I want you to think of those as taking a fingerprint of our data. And if the source takes this digital fingerprint of the data, and the destination takes a digital fingerprint of the data, and you compare fingerprints, if they’re the same, then we’ve got some assurance that this data has not been modified or corrupted because the fingerprints match.
As an example, one hashing algorithm is called MD5. That’s Message Digest 5. That gives us a 128-bit hash digest. That’s the fingerprint I was talking about. In fact, sometimes when you go to download a file from the Internet, next to the link where you download the file, you’ll see something like an MD5 hash digest. So once you download the file, you can run the MD5 hashing algorithm on the file you just downloaded and see if your result matches their result. And if they’re the same, then you’ve got some assurance that this file has not been corrupted or modified. And I want you to make the distinction that we are not talking about encryption here. This is a common point of confusion. For example, let’s say I took a three-letter word like “cat,” and I ran the MD5 hashing algorithm on that. What would we have as a result? Well, the result would be a 128-bit hash.
What if I took a book that contained 500 pages and I ran the MD5 hashing algorithm on that? What would the result be? 128 bits. I think that makes the point that there’s no way we could expand those 128 bits back into a 500-page book. There’s simply not enough data there, so we’re not encrypting it such that it can be decrypted and the original data extracted. That’s not what we’re doing. We’re just taking a digital fingerprint to make sure it matches on both the source and the destination. More secure than MD5, though, is something called SHA-1. That stands for Secure Hash Algorithm 1. It uses a 160-bit digest. However, we still have a bit of a paradox that we have to deal with. If I send you a file and say, here is the file you wanted. Oh, and by the way, here’s the MD5 hash digest.
So you run MD5 and make sure it matches this digest. If I send you that piece of information and you run your MD5 hashing algorithm on that file, and sure enough, your MD5 hash digest matches the one that I sent you, does that guarantee that the file has not been modified? Well, what if that file were intercepted or hosted by an untrusted third party, perhaps a malicious third party? Well, they could have a corrupted file that might contain malware, and they’ve run the MD5 hashing algorithm on it, so they’re happy to give you the resulting MD5 hash digest. So when you run it on that modified file, you’re going to get a matching hash digest, but it’s matching something created by this bad person on the Internet.
How do we make sure that the file is not intercepted and somebody creates a new fingerprint after modifying the file? Well, to prevent that, we can use something called HMAC. That stands for Hash-based Message Authentication Code. And it’s going to use a shared secret key, like we’ve talked about, in conjunction with the hashing algorithm to create the hash digest. So now if a malicious third party were to intercept that data and they modified it and they tried to create a matching hash digest, they wouldn’t be able to, because if we’re using HMAC, they don’t know the shared secret key that went into the calculation of the hash digest. So that’s going to provide integrity. And finally, we discussed availability. We want to make sure that our network is up.
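The download-verification paradox and the HMAC fix described above, as an added example that is not part of the video. The file contents, the “trojaned” replacement and the shared secret are all constructed sample values; the point is that a plain MD5 check passes when the untrusted host publishes a digest of its own file, while the keyed check fails because the host lacks the secret. It also shows the fixed digest size for “cat” versus a much larger input.

```python
import hashlib
import hmac

# Constructed sample "download", the tampered copy an untrusted host might serve,
# and a shared secret that the publisher and the client exchanged out of band.
ORIGINAL = b"installer v1.0: legitimate program bytes"
MALICIOUS = b"installer v1.0: trojaned program bytes"
SHARED_SECRET = b"example-shared-secret-delivered-out-of-band"

def md5_digest(data):
    """Plain fingerprint: anyone can compute it, so anyone can recompute it after tampering."""
    return hashlib.md5(data).hexdigest()

def hmac_tag(key, data):
    """HMAC-SHA256: the fingerprint depends on the shared secret as well as the data."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def check_plain_md5(data, published_digest):
    # compare_digest avoids leaking where the comparison stopped through timing
    return hmac.compare_digest(md5_digest(data), published_digest)

def check_hmac(key, data, published_tag):
    return hmac.compare_digest(hmac_tag(key, data), published_tag)

def plain_hash_attack():
    """The host is untrusted: it swaps the file AND publishes a fresh digest for the new file.
    Returns True, meaning the client's MD5 check is fooled."""
    served_file, served_digest = MALICIOUS, md5_digest(MALICIOUS)
    return check_plain_md5(served_file, served_digest)

def hmac_attack():
    """Same swap, but the host does not know SHARED_SECRET, so the best it can do is a tag
    computed with some other key. Returns False, meaning the tampering is detected."""
    forged_tag = hmac_tag(b"attacker-guess", MALICIOUS)
    return check_hmac(SHARED_SECRET, MALICIOUS, forged_tag)

def digest_bits(algorithm, data):
    """Digest length is fixed by the algorithm, not by the input: 'cat' and a book both give
    128 bits for MD5 and 160 bits for SHA-1."""
    return len(hashlib.new(algorithm, data).digest()) * 8
```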
And the gold standard for network availability is called the five nines of availability, meaning that our network is up 99.999% of the time. And if you do the math, that translates to only about five minutes of downtime per year. That’s sort of a lofty goal, but that’s what we want to shoot for. And some of the things that might prevent us from being available: we could be attacked with improperly formatted data. And it’s not necessarily an attack. This could be unintentional, it could be accidental. But improperly formatted data might take advantage of a vulnerability in an operating system, for example, that would crash the server. The server may be attacked with a DoS attack, a DoS or denial of service attack.
This is where an attacker is just going to flood the target system, maybe your server, with so much data that the server is occupied dealing with that onslaught of data, so it’s not able to do its regular job. It makes it unavailable. Or a stronger version of a DoS attack is a DDoS attack, or a distributed denial of service attack. Here it’s not just one attacker that’s flooding your system with data. They have coordinated an attack that could be coming from hundreds or thousands of computers around the world, where all of those computers are simultaneously flooding your server with data. How do you prevent something like that? Well, it’s a few best practices.
We want to make sure that we have our operating systems up to date, so we want to apply those OS patches. We could also have some security appliances in our network, such as an intrusion detection system sensor, an IDS, an intrusion prevention system sensor, or an IPS, and maybe a firewall. Now, an IDS and an IPS, what is the difference there? Well, an IDS is going to get a copy of data coming into your network and it’s going to analyze those copies that it’s receiving against a database it has of well-known attacks. And you want to keep that database up to date, and it’s going to be able to notice that this sequence of data coming in matches this attack. I think we’re being attacked, and it can communicate to the firewall to add a rule to start blocking traffic coming in from that IP address as an example.
So it’s going to be a little reactive, but something that can be more proactive is an IPS, because with an IPS, an intrusion prevention system sensor, we’re not just getting a copy of traffic. The traffic coming in from the Internet, as an example, has to pass through the IPS device, so it can stop that traffic in its tracks before it even gets to the target system. And like an IDS, it has a database of well-known attacks. It’s able to recognize the signature of those attacks and stop them in their tracks. And a firewall appliance, as we mentioned earlier in this video, can help prevent those attacks coming in from the outside, because we can set it up to block traffic that originates on an untrusted network like the Internet. And that’s a look at three primary goals of security: confidentiality, integrity, and availability.