Internet Security
Phishing
Phishing: an attack that attempts to steal your money, or your identity, by getting you to reveal personal information on websites that pretend to be legitimate.
Protocols
Internet protocols are a set of rules that govern the communication and exchange of data over the internet.
Both the sender and receiver should follow the same protocols to communicate.
Many protocols are not secure by default.
E.g. HTTP, DNS
Internet Traffic Path
The router forwards the packet to the ISP (e.g. KPN). The ISP sees where the packet has to go and sends it off to the internet (IXP), and eventually it gets to the webserver.
Internet Traffic Path - VPN
With a VPN, our data is encrypted and sent through the VPN. The VPN provider can look at our data.
Role of Secure Protocols and Standards
Interoperability: Protocols and standards ensure that different systems can communicate securely and effectively.
Baseline Security: Standards establish a minimum level of security that is widely accepted.
Regulatory compliance: Many protocols and standards are incorporated in legal and regulatory frameworks, ensuring that organizations actually implement security.
Protocols - SSL and TLS
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are protocols for securing communication over the web.
HTTP → HTTPS (S : Secure)
It can encrypt, secure, and authenticate communications on the Internet by transparently adding security to the transport layer.
HTTPS has encryption:
HTTP:
No verification of identity
All data is sent in plain-text
HTTPS:
Verifies that the IP address belongs to the domain
Sets up end-to-end encryption between the client and server
→ The computer encrypts the data so the other steps along the path cannot see what is contained in the packet
SSL/TLS relies on cryptographic certificates
Certificates are signed by trusted parties, and applications specify which Certificate Authority is trusted.
We trust the Root CA, and it issues certificates to all kinds of websites to provide them with a green lock.
The idea behind SSL/TLS is that the certificate issuer is a trusted party.
If a Root CA is compromised, the whole system is compromised
Protocols - DNS
In DNS, we have an ID field that is 16 bits long. If the attacker is in the middle of the connection, the attacker can see what you were trying to send.
Protocols - DNSSEC
Root key is published
DNSSEC does not encrypt DNS but protects the integrity of the DNS information
DNSSEC creates a chain of trust to a root server
Another initiative is DNS over HTTPS, encrypting DNS traffic.
Similar to TLS: the user sends a query to the recursive resolver, and the resolver then asks for key material and gets it signed by the chain of trust.
Key material is included in DNS response
This means that the response becomes much larger than the request (a larger amplification factor in DDoS attacks)
→ Security measures can have side effects
Protocols - Email
Email is formatted using the MIME standard.
There are three common protocols for sending and receiving email traffic:
- POP (Post Office Protocol): a one-way protocol that downloads emails from the server
- IMAP (Internet Message Access Protocol): A two-way protocol that synchronizes emails between client and server
- SMTP (Simple Mail Transfer Protocol): Responsible for the transfer of emails between clients and servers
All protocols are unencrypted by default
Securing communication on the wire is done by adding SSL/TLS on top of the email protocol.
→ POPS, IMAPS, SMTPS
Protocols - Email with SSL/TLS
TLS provides end-to-end encryption between the different servers, not between sender and recipient.
Email Spoofing
SMTP allows users to send mail with any source address
- Adversaries can send spam from any email address
- Adversaries can forge email addresses to impersonate a trusted sender, making it more likely that a victim will act on the email and open attachments.
Email Spoofing - Sender Policy Framework
SPF allows domain owners to specify which servers are authorized to send mail using the domain.
- A TXT record is added at the DNS server of the organization, stating which IP addresses are authorized to send mail.
Email - DomainKeys Identified Mail (DKIM)
SPF validates whether the sender is legitimate, not that the content is authentic.
DKIM is designed to sign the email at the domain level and distribute the key via DNS.
If an email is modified in transit, we can find out.