Network Security

From Marks Wiki

Security for Distributed Systems: An Overview of Firewalls, Segmentation and Transport Layer Security

Author: --Bchi039 22:52, 15 September 2008 (NZST)

Abstract

The aim of this report is to explore different network security concepts and technologies beyond the scope of SE325: Software Architecture. It is assumed the reader knows the basics of eavesdropping, masquerading, tampering and replaying. They are also expected to have understood the basics of digital signatures and certificates. This report will look at some security concepts and the technologies that implement these concepts. It will focus on the concept of network segmentation and the firewalls that make this concept a reality. The report will also look at Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), and their role in securing a network. The report will conclude by briefly looking at how these technologies need to be combined in order to achieve the maximum security possible while maintaining the usability of the network.


Background

The growth of the internet and e-commerce over the past decade has increased the importance of security between networked computers. Interaction between computers involves sending data across a network, and there are many cases in which we wish that data to be viewed only by a limited group of people. Without proper security mechanisms established over the network, this cannot be guaranteed, so sufficient security measures must be put in place to achieve it.


Network Segmentation

Security breaches can be categorised as external or internal, that is, whether the attack comes from an IP address outside the network or inside it. These days, businesses and organisations usually network their computers to form a private network. These networks are for internal use and are not intended to be seen by outside audiences. An example would be a university’s intranet or a LAN. While these networks might not be the subject of attack by outside forces, data can be violated by computers within the network, whether intentionally or not. A simple case would be the HR department having access to the Accounting department’s data. Employees can accidentally (or deliberately) modify the data and cause chaos in the company.

Network segmentation is the idea of partitioning a network in a predetermined manner that will eliminate such security breaches. Using the previous example, if the network is designed so that the HR department cannot see data that is private to the Accounting department, then the scenario cannot happen. This segmentation method is based on job or task responsibility.

Another common segmentation approach is based on threat or risk level. Critical systems have fewer accessible points, and most users operate on a common, less critical network. An example would be a school network. The administration network should not be open to students, who might be inclined to modify personal details such as their grades. Similarly, computers controlling the radiation level in a laboratory might be partitioned from the rest of the network in case the network falters.

A third approach is segmentation based on service type. An e-commerce company relies on exterior connections (clients) to its website. However, the company itself may also maintain a private network (or networks) for different purposes. An insecure network design may allow outsiders access to the company’s inner networks. Segmentation based on service type can allow only HTTP access to a particular machine (i.e. the web host) and deny all other services to IP addresses outside the private network (i.e. from the internet).

The biggest advantage of segmentation is its ability to contain the impact of breaches. Through segmentation, only a portion of the network is compromised in the case of an attack, and therefore the risk to the data and systems, and the cost of recovery, is minimised. Segmentation also reduces the impact when a user unintentionally releases a virus or a worm onto the network. If the network is not segmented, it is likely the whole network will need to be shut down for repairs. If the network is partitioned, only that section of the network is infected while the rest of the network carries on with its tasks.


Routers and Firewall

Implementing network segmentation is commonly achieved by the use of routers and firewalls. A router is a device that sits between sub-networks and manages network traffic flowing to or from these networks. The router uses Access Control Lists (ACLs), which implement packet filtering rules based on the current segmentation policy.

An ACL is a list of statements specifying access permission for certain IP addresses. When a data packet arrives at the router, the source IP address is checked against the ACL in the router. If the address matches one of the entries, the packet is either discarded or forwarded on depending on the permission value (accept or deny) in the entry. If the address is not matched, the router takes a default action depending on its settings. This enables segmentation based on risk level or job responsibility because companies tend to allocate one IP address per computer. It is important to note that when a packet is checked against the ACL, it is matched to the first matching entry, whether that is an exact match or a “wildcard” match; this must be remembered when setting up the ACL, since a wildcard entry placed above a more specific one will shadow it. An ACL entry can also be specified for a particular service on a machine. This is done by specifying the port the service is listening on. For example, in implementing segmentation based on services where HTTP is allowed but FTP is not, an ACL entry can deny packets from all IP addresses to port 21 (the default FTP port), or the default action can be set to deny all and an entry added that accepts packets from all IP addresses to port 80.

However, an ACL is essentially a header-based filtering method, and an attacker can easily make packets appear to come from an accepted source IP address. A firewall can provide added security on top of routers as it can perform more thorough inspection. Also, different firewalls can operate at different layers of the OSI model, while the ACL is restricted to the third (network) layer.

A stateless firewall behaves identically to the ACL, in that every packet is inspected against the rule set. A stateful firewall keeps a record of all current connections and determines whether a packet belongs to a new connection or to an existing one. This is based on the SYN – SYN ACK – ACK handshake used in TCP connections. A connection is considered by the firewall as established when it has reached the ACK stage. Packets are checked against the record table to find whether they belong to a known connection or not. If a matching connection is found, the packet is sent on without being checked against the rule set, as that was done at the beginning of the connection. Otherwise, the packet is treated as a connection request and the SYN – SYN ACK – ACK handshake is performed. This type of firewall keeps track of the state of the connection and drops it after a certain period of inactivity from the client. This is to prevent denial of service attacks in which many connections are opened in an attempt to flood the server.
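The following is an added example, not code from the original report, that models the two mechanisms described above in one small simulator: an ACL evaluated with first-match semantics (including a check for entries shadowed by an earlier wildcard) and a stateful connection table in front of it, where only a SYN that passes the ACL can open a new entry, later segments of a known connection are forwarded without another rule lookup, and idle entries expire. All addresses, rule names and packets are constructed for illustration; the model tracks only client-to-server traffic entering the protected network.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str              # "accept" or "deny"
    src: str                 # source network in CIDR; "0.0.0.0/0" is the wildcard
    dst_port: Optional[int]  # destination port, or None for any port

@dataclass(frozen=True)
class Packet:
    src: str                 # source IP address
    dst: str                 # destination IP address
    dst_port: int
    flags: str               # "SYN", "ACK" or "" (data segment on an open connection)
    time: float              # arrival time in seconds (constructed clock)

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (ip_address(pkt.src) in ip_network(rule.src)
            and rule.dst_port in (None, pkt.dst_port))

class Acl:
    """Ordered packet-filter rules; the first matching entry decides."""
    def __init__(self, rules, default="deny"):
        self.rules = list(rules)
        self.default = default

    def evaluate(self, pkt: Packet) -> str:
        for rule in self.rules:
            if rule_matches(rule, pkt):
                return rule.action
        return self.default

    def shadowed(self):
        """Indices of rules that can never fire because an earlier entry already
        matches everything they would match (e.g. a wildcard above a specific deny)."""
        out = []
        for j, later in enumerate(self.rules):
            for earlier in self.rules[:j]:
                wider_net = ip_network(later.src).subnet_of(ip_network(earlier.src))
                wider_port = earlier.dst_port is None or earlier.dst_port == later.dst_port
                if wider_net and wider_port:
                    out.append(j)
                    break
        return out

class StatefulFirewall:
    """Connection table keyed on (src, dst, dst_port). Only a SYN may open an
    entry, and only after the ACL accepts it; entries idle longer than
    idle_timeout are removed before each packet is handled."""
    def __init__(self, acl: Acl, idle_timeout: float = 60.0):
        self.acl = acl
        self.idle_timeout = idle_timeout
        self.table = {}  # key -> [state, last_seen]

    def expire(self, now: float) -> int:
        stale = [k for k, (_, last) in self.table.items() if now - last > self.idle_timeout]
        for k in stale:
            del self.table[k]
        return len(stale)

    def handle(self, pkt: Packet) -> str:
        self.expire(pkt.time)
        key = (pkt.src, pkt.dst, pkt.dst_port)
        entry = self.table.get(key)
        if entry is None:
            # Unknown flow: it must be a connection request that the rule set accepts.
            if pkt.flags != "SYN" or self.acl.evaluate(pkt) != "accept":
                return "drop"
            self.table[key] = ["SYN_SENT", pkt.time]
            return "forward"
        entry[1] = pkt.time
        if entry[0] == "SYN_SENT" and pkt.flags == "ACK":
            entry[0] = "ESTABLISHED"  # client's final ACK completes the handshake
        return "forward"            # known connection: no second rule lookup

    def state(self, src, dst, dst_port):
        entry = self.table.get((src, dst, dst_port))
        return entry[0] if entry else None

def demo():
    """Constructed policy: HTTP to the web host from anywhere, FTP denied,
    hosts on the private 10/8 network may reach anything, default deny."""
    acl = Acl([
        Rule("deny", "0.0.0.0/0", 21),
        Rule("accept", "0.0.0.0/0", 80),
        Rule("accept", "10.0.0.0/8", None),
    ], default="deny")
    fw = StatefulFirewall(acl, idle_timeout=30.0)
    web = "192.0.2.10"
    results = [
        fw.handle(Packet("203.0.113.5", web, 80, "SYN", 0.0)),   # new HTTP connection
        fw.handle(Packet("203.0.113.5", web, 80, "ACK", 0.1)),   # handshake completes
        fw.handle(Packet("203.0.113.5", web, 80, "", 5.0)),      # data on known connection
        fw.handle(Packet("203.0.113.5", web, 21, "SYN", 6.0)),   # FTP denied by rule 0
        fw.handle(Packet("198.51.100.9", web, 80, "", 7.0)),     # data with no handshake
        fw.handle(Packet("10.1.2.3", web, 22, "SYN", 8.0)),      # internal host, any port
        fw.handle(Packet("203.0.113.5", web, 80, "", 100.0)),    # idle > 30 s, entry expired
    ]
    return results, fw

if __name__ == "__main__":
    print(demo()[0])
```

The `shadowed()` check is the practical consequence of first-match evaluation: placing `accept 0.0.0.0/0 any` above `deny 0.0.0.0/0 21` silently disables the FTP deny, and the simulator reports index 1 as unreachable.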

The third type of firewall operates on the application layer. It uses proxy servers and proxy services rather than forwarding packets through the firewall. Traffic is stopped at the firewall, which connects to the requested service on the client’s behalf, assuming a proxy service for it exists. This increases the security of the network as the administrator controls which services are available by opening and closing proxy services. The administrator also has the ability to view the content of the traffic, decide whether it is appropriate and configure the proxy service to support only certain features. This, however, requires knowledge, time and equipment that might not be readily available to small companies, especially self-employed e-commerce services.


Secure Sockets Layer and Transport Layer Security

While routers and firewalls protect the network from incoming attacks, they do not provide security measures to ensure the data being transferred is legitimate. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are cryptographic protocols that provide secure communication (data transfer) over a network. They are usually used in HTTPS, the secure variant of HTTP.

Depending on the level of security, the server may need the client to be authenticated, but the server is always verified. When a client connects to the server on a secure connection, it also sends a list of ciphers and hash functions. The server chooses the strongest available cipher and hash function and sends the decision back to the client. The server will usually then send a digital certificate to confirm its identity. The client can choose to verify this by asking the trusted certificate authority (CA). Assuming the validation succeeds, the client sends an encrypted message to the server using the server’s public key. Since only the server can decipher the message with its private key, both parties can now generate a new key based on the previous encrypted message. This way, the server and the client share a common key for encrypting and decrypting messages. If the security requires the client to also be authenticated, an extra phase occurs. This is a repetition of the certificate verification but using the client’s certificate. Once the server has confirmed the identity of the client, a new key is generated based on a shared message. All other messages are then encrypted and decrypted using this key.
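As an added example that is not part of the original report, the following simulation walks through the handshake steps just described: the server picks the strongest cipher suite from the client’s offer (and refuses an offer with nothing acceptable rather than downgrading), the client checks the server’s certificate against a trusted CA and the expected name, client authentication is optionally required, and both sides derive the same session key from a pre-master secret that only they know. The cipher suite labels and CA are constructed; certificates are modelled as HMAC tags from a CA key and the public-key encryption of the pre-master secret is modelled abstractly (the secret is simply shared between the two endpoint functions), so nothing here is a real cryptographic protocol.

```python
import hashlib
import hmac
import os

# Server's preference order, strongest first (constructed labels, not real suite names)
SERVER_SUITES = ["AES256-SHA256", "AES128-SHA256", "AES128-SHA1"]

def choose_suite(client_offer):
    """Server picks the strongest suite both sides support, or None if the
    client offers nothing the server is willing to use."""
    for suite in SERVER_SUITES:
        if suite in client_offer:
            return suite
    return None

class CertificateAuthority:
    """Toy CA: a certificate is a subject plus a tag only the CA key can produce."""
    def __init__(self, key: bytes):
        self.key = key

    def issue(self, subject: str) -> dict:
        tag = hmac.new(self.key, subject.encode(), hashlib.sha256).hexdigest()
        return {"subject": subject, "sig": tag}

    def verify(self, cert: dict) -> bool:
        expected = hmac.new(self.key, cert["subject"].encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, cert["sig"])

def derive_session_key(pre_master: bytes, client_random: bytes,
                       server_random: bytes, suite: str) -> bytes:
    """Key schedule: both endpoints feed the same inputs and get the same key.
    The randoms travel in the clear; the pre-master secret is what keeps an
    eavesdropper from reproducing the result."""
    transcript = client_random + server_random + suite.encode()
    return hmac.new(pre_master, transcript, hashlib.sha256).digest()

def handshake(client_offer, server_cert, ca, expected_subject,
              client_cert=None, require_client_auth=False):
    """Returns a dict with the outcome and, on success, both derived keys."""
    result = {"status": None, "suite": None, "client_key": None, "server_key": None}
    # 1. Server selects cipher suite from the client's list.
    suite = choose_suite(client_offer)
    if suite is None:
        result["status"] = "no_common_cipher"
        return result
    result["suite"] = suite
    # 2. Client validates the server certificate: CA signature and expected name.
    if not ca.verify(server_cert) or server_cert["subject"] != expected_subject:
        result["status"] = "server_cert_rejected"
        return result
    # 3. Optional extra phase: server validates the client's certificate.
    if require_client_auth and (client_cert is None or not ca.verify(client_cert)):
        result["status"] = "client_cert_rejected"
        return result
    # 4. Key exchange: client generates the pre-master secret; in the real
    #    protocol it is sent encrypted under the server's public key (modelled).
    client_random, server_random = os.urandom(32), os.urandom(32)
    pre_master = os.urandom(48)
    result["client_random"], result["server_random"] = client_random, server_random
    result["client_key"] = derive_session_key(pre_master, client_random, server_random, suite)
    result["server_key"] = derive_session_key(pre_master, client_random, server_random, suite)
    result["status"] = "ok"
    return result

if __name__ == "__main__":
    ca = CertificateAuthority(b"constructed-ca-key")
    r = handshake(["AES128-SHA1", "AES256-SHA256"], ca.issue("shop.example"), ca, "shop.example")
    print(r["status"], r["suite"], r["client_key"] == r["server_key"])
```

The subject check in step 2 matters as much as the signature check: a certificate that a trusted CA genuinely issued for some other name still fails verification, which is what stops a masquerading server from presenting someone else’s valid certificate.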

This type of security is entirely dependent on the owner of the service (on the server), who can choose whether or not to implement this technology. For example, a personal blog might not require such security but an e-commerce website does, yet both may be hosted on the same web server that has enabled TLS or SSL. It is then up to the e-commerce company to design its website using the available technology. However, this can be easily compromised if the network or the server itself is vulnerable to attack. Private data can then be retrieved or modified, or the TLS or SSL settings could be changed so that the connection is no longer secure.


Conclusion

It is easily seen that no security measure is perfect in the sense that it will protect the system or network from all types of attack. However, each mechanism still plays an important part in the overall security, as it protects the system or network from certain groups of attacks.

A secure connection using SSL or TLS can ensure that messages being transferred are kept confidential, but it does not protect the system from being compromised. On the other hand, a router and a firewall can increase the security of the network, but they cannot guarantee that the data within the network is legitimate. A combination of the two mechanisms can improve the overall security of the network, as it is then protected against attacks on data transfer and on the system itself. However, there remain a number of ways these components can be a risk to the system. The implementation or installation of a component could be faulty, or if the two components are not merged together in a suitable manner, security risks or loopholes can remain in the network. Therefore, the integration of these mechanisms plays the biggest role in ensuring the security level of the network. It is this design stage that is most vital to a network’s security and should be given the most attention by developers.

