Network Security Models , Threats, TLS, SSL
Network Security Models
Various network security models are designed to regulate access and safeguard data:
- Access Control Lists (ACLs)
- Bell-LaPadula Model
- Biba Model
- Clark-Wilson Model
Access Control Lists (ACLs)
- ACLs are a set of rules or permissions attached to resources, such as files, folders, or network devices, that dictate which users or groups can access or modify those resources.
- ACLs offer granular control over resource access by specifying permissions for individual users or groups, including read, write, execute, or delete permissions.
- There are two main types of ACLs: discretionary ACLs (DACLs), which are set by resource owners, and system ACLs (SACLs), which control auditing and logging of resource access.
- ACLs are commonly used in network security devices, such as routers, firewalls, and switches, to regulate traffic flow based on IP addresses, protocols, or ports.
- Example: In a file system, an ACL may grant read and write permissions to a specific user or group, while denying access to other users, ensuring data confidentiality and integrity.
Bell-LaPadula Model
- The Bell-LaPadula model classifies information into security levels, such as
- top secret, secret, confidential, and unclassified, and enforces a strict hierarchy of access rights based on these levels.
- The model follows the "no read up, no write down" principle, meaning users can only read information at their security level or lower (no read up),
- and they can only write or modify information at their security level or higher (no write down).
- Example: In a military context, a soldier with a secret clearance cannot access top-secret documents (no read up),
- but they can create or modify secret-level documents (no write down).
- The Bell-LaPadula model primarily focuses on maintaining confidentiality by preventing unauthorized users from accessing sensitive information.
Biba Model
- The Biba model categorizes information into integrity levels, such as high integrity, medium integrity, and low integrity,
- and enforces a strict hierarchy of integrity rules to prevent data corruption or unauthorized modifications.
- Similar to the Bell-LaPadula model, the Biba model follows the "no read down, no write up" principle,
- meaning users can only read information at their integrity level or higher (no read down),
- and they can only write or modify information at their integrity level or lower (no write up).
- Example: In a financial system, a low-integrity user cannot modify high-integrity financial records (no write up),
- but they can access and view low-integrity data (no read down).
- The Biba model is commonly used in environments where data integrity is critical, such as financial systems, healthcare systems, etc.
4. Clark-Wilson Model
- The Clark-Wilson Model is a security model used to enforce data integrity and separation of duties in information systems.
- The Clark-Wilson Model is a security model used to enforce data integrity and separation of duties in information systems.
- In the Clark-Wilson Model, integrity is maintained through controlled transactions that adhere or follow to predefined rules.
- The model enforces a separation of duties principle, where different individuals or roles are responsible for different aspects of data handling.
- For example, one user may be responsible for entering data, while another user verifies and approves the data before it is committed.
Network Security Threats
Key cybersecurity threats include:
- Malware
- Phishing
- Dos Attacks
- Man in the Middle attacks
Malware
- Malware refers to malicious software designed to damage, or gain unauthorized access to computer systems.
- Common types of malware include viruses, spyware, adware , etc.
- A user unknowingly downloads a malicious attachment from a phishing email, which installs ransomware on their computer.
Phishing
- Phishing is a cyberattack technique where attackers act as or impersonate legitimate entities or trustworthy organisations ,
- (e.g., banks, companies) to trick individuals into revealing sensitive information or performing malicious actions.
- Example: An individual receives an email claiming to be from their bank, requesting them to click a link and update their account information.
- The link leads to a fake website designed to steal their login credentials.
Denial of Service (DoS) Attacks
- DoS attacks aim to disrupt or deny access to users by overwhelming a system, network, or server with excessive traffic or requests.
- DoS attacks can be launched using techniques such as flooding the target with traffic, exploiting vulnerabilities to crash services.
- Example: An attacker floods a company's website with a massive number of requests,
- causing the website to become unresponsive and denying access to legitimate or lawful users trying to access the site.
Man in the Middle Attacks (MITIM)
- Man in the middle attacks occur when an attacker intercepts and manipulates communication between two parties without their knowledge.
- MitM attacks can be carried out using techniques such as ARP spoofing, DNS spoofing, or exploiting insecure Wi-Fi networks.
- Example: In a Wi-Fi MitM attack, an attacker sets up a rogue access point with a similar name to a legitimate or lawful network.
- When users connect to the rogue network, the attacker can intercept their traffic, capture sensitive information like login credentials, etc.
What is Secure Socket Layer (SSL)?
- SSL (Secure Sockets Layer) is a cryptographic protocol used to secure communication over the internet.
- SSL encrypts data transmitted between a web server and a web browser, ensuring that sensitive information such as payment details, etc.
- SSL certificates are used to authenticate the identity of websites, confirming that users are connecting to legitimate or trustworthy servers.
- SSL provides data integrity by preventing data tampering or modification during transmission.
- Example: When a user accesses a secure website (e.g., an online banking site),
- SSL ensures that their connection is encrypted, authenticated, and protected against any network security that we have discussed above.
What is Transport Layer Security (TLS)?
- TLS provides authentication mechanisms to web servers and clients, using digital certificates issued by trusted Certificate Authorities (CAs).
- TLS supports multiple versions, with TLS 1.2 and TLS 1.3 being the most widely used versions today.
- Newer versions like TLS 1.3 offer improved security features and performance enhancements.
- TLS uses a handshake protocol to establish a secure connection between the client and server, including negotiating encryption algorithms, etc.
Public Key Infrastructure (PKI)
- Public Key Infrastructure (PKI) is a framework of policies used to manage digital certificates and facilitate secure communication over computer networks.
- PKI serves as a framework for managing digital keys and certificates,
- ensuring secure communication by utilizing public and private key pairs for encryption and decryption.
- PKI involves a trusted Certificate Authority (CA) that issues digital certificates to entities, such as users, servers, devices, or applications.
- PKI relies on digital certificates, which are electronic documents that contain information about the certificate holder, their public key, etc.
- Digital certificates are used for authentication, encryption, and digital signatures in secure communication.
Digital Signature Schemes
- Digital signatures validate the authenticity of digital documents.
- Digital signature schemes authenticate the sender of a message or document, ensuring that it originates from the claimed identity.
- Digital signatures provide non-repudiation, meaning the
- signer cannot deny their involvement in creating or sending the signed document or message.
- Digital signature schemes typically use public key cryptography,
- where a private key is used to create the signature, and a corresponding public key is used for verification.
- Example: In email communication, a sender uses their private key to digitally sign an email message.
- The recipient uses the sender's public key to verify the signature and confirm the message's authenticity and integrity.
Conclusion
Now we have basic understanding of Network Security Models such as Access Control Lists (ACLs) , Bell-LaPadula Model , Biba Model , Clark-Wilson Model and Network Security Threats such as malware, phishing , Dos etc.