Network Security Models , Threats, TLS, SSL

Network Security Models

• Access Control Lists (ACLs)
• Bell-LaPadula Model
• Biba Model
• Clark-Wilson Model

Access Control Lists (ACLs)

• ACLs are a set of rules or permissions attached to resources, such as files, folders, or network devices, that dictate which users or groups can access or modify those resources.
• ACLs offer granular control over resource access by specifying permissions for individual users or groups, including read, write, execute, or delete permissions.
• There are two main types of ACLs: discretionary ACLs (DACLs), which are set by resource owners, and system ACLs (SACLs), which control auditing and logging of resource access.
• ACLs are commonly used in network security devices, such as routers, firewalls, and switches, to regulate traffic flow based on IP addresses, protocols, or ports.
• Example: In a file system, an ACL may grant read and write permissions to a specific user or group, while denying access to other users, ensuring data confidentiality and integrity.

Bell-LaPadula Model

• The Bell-LaPadula model classifies information into security levels, such as
• top secret, secret, confidential, and unclassified, and enforces a strict hierarchy of access rights based on these levels.
• The model follows the "no read up, no write down" principle, meaning users can only read information at their security level or lower (no read up),
• and they can only write or modify information at their security level or higher (no write down).
• Example: In a military context, a soldier with a secret clearance cannot access top-secret documents (no read up),
• but they can create or modify secret-level documents (no write down).
• The Bell-LaPadula model primarily focuses on maintaining confidentiality by preventing unauthorized users from accessing sensitive information.

Biba Model

• The Biba model categorizes information into integrity levels, such as high integrity, medium integrity, and low integrity,
• and enforces a strict hierarchy of integrity rules to prevent data corruption or unauthorized modifications.
• Similar to the Bell-LaPadula model, the Biba model follows the "no read down, no write up" principle,
• meaning users can only read information at their integrity level or higher (no read down),
• and they can only write or modify information at their integrity level or lower (no write up).
• Example: In a financial system, a low-integrity user cannot modify high-integrity financial records (no write up),
• but they can access and view low-integrity data (no read down).
• The Biba model is commonly used in environments where data integrity is critical, such as financial systems, healthcare systems, etc.

4. Clark-Wilson Model

• The Clark-Wilson Model is a security model used to enforce data integrity and separation of duties in information systems.
• The Clark-Wilson Model is a security model used to enforce data integrity and separation of duties in information systems.
• In the Clark-Wilson Model, integrity is maintained through controlled transactions that adhere or follow to predefined rules.
• The model enforces a separation of duties principle, where different individuals or roles are responsible for different aspects of data handling.
• For example, one user may be responsible for entering data, while another user verifies and approves the data before it is committed.

Network Security Threats

• Malware
• Phishing
• Dos Attacks
• Man in the Middle attacks

Malware

• Malware refers to malicious software designed to damage, or gain unauthorized access to computer systems.
• Common types of malware include viruses, spyware, adware , etc.
• A user unknowingly downloads a malicious attachment from a phishing email, which installs ransomware on their computer.

Phishing

• Phishing is a cyberattack technique where attackers act as or impersonate legitimate entities or trustworthy organisations ,
• (e.g., banks, companies) to trick individuals into revealing sensitive information or performing malicious actions.
• Example: An individual receives an email claiming to be from their bank, requesting them to click a link and update their account information.
• The link leads to a fake website designed to steal their login credentials.

Denial of Service (DoS) Attacks

• DoS attacks aim to disrupt or deny access to users by overwhelming a system, network, or server with excessive traffic or requests.
• DoS attacks can be launched using techniques such as flooding the target with traffic, exploiting vulnerabilities to crash services.
• Example: An attacker floods a company's website with a massive number of requests,
• causing the website to become unresponsive and denying access to legitimate or lawful users trying to access the site.

Man in the Middle Attacks (MITIM)

• Man in the middle attacks occur when an attacker intercepts and manipulates communication between two parties without their knowledge.
• MitM attacks can be carried out using techniques such as ARP spoofing, DNS spoofing, or exploiting insecure Wi-Fi networks.
• Example: In a Wi-Fi MitM attack, an attacker sets up a rogue access point with a similar name to a legitimate or lawful network.
• When users connect to the rogue network, the attacker can intercept their traffic, capture sensitive information like login credentials, etc.

What is Secure Socket Layer (SSL)?

• SSL (Secure Sockets Layer) is a cryptographic protocol used to secure communication over the internet.
• SSL encrypts data transmitted between a web server and a web browser, ensuring that sensitive information such as payment details, etc.
• SSL certificates are used to authenticate the identity of websites, confirming that users are connecting to legitimate or trustworthy servers.
• SSL provides data integrity by preventing data tampering or modification during transmission.
• Example: When a user accesses a secure website (e.g., an online banking site),
• SSL ensures that their connection is encrypted, authenticated, and protected against any network security that we have discussed above.

What is Transport Layer Security (TLS)?

• TLS provides authentication mechanisms to web servers and clients, using digital certificates issued by trusted Certificate Authorities (CAs).
• TLS supports multiple versions, with TLS 1.2 and TLS 1.3 being the most widely used versions today.
• Newer versions like TLS 1.3 offer improved security features and performance enhancements.
• TLS uses a handshake protocol to establish a secure connection between the client and server, including negotiating encryption algorithms, etc.

Public Key Infrastructure (PKI)

• Public Key Infrastructure (PKI) is a framework of policies used to manage digital certificates and facilitate secure communication over computer networks.
• PKI serves as a framework for managing digital keys and certificates,
• ensuring secure communication by utilizing public and private key pairs for encryption and decryption.
• PKI involves a trusted Certificate Authority (CA) that issues digital certificates to entities, such as users, servers, devices, or applications.
• PKI relies on digital certificates, which are electronic documents that contain information about the certificate holder, their public key, etc.
• Digital certificates are used for authentication, encryption, and digital signatures in secure communication.

Digital Signature Schemes

• Digital signatures validate the authenticity of digital documents.
• Digital signature schemes authenticate the sender of a message or document, ensuring that it originates from the claimed identity.
• Digital signatures provide non-repudiation, meaning the
• signer cannot deny their involvement in creating or sending the signed document or message.
• Digital signature schemes typically use public key cryptography,
• where a private key is used to create the signature, and a corresponding public key is used for verification.
• Example: In email communication, a sender uses their private key to digitally sign an email message.
• The recipient uses the sender's public key to verify the signature and confirm the message's authenticity and integrity.

Conclusion