This section maps common information security problems to the seven OSI layers and evaluates solutions at each layer for securing the organisation's information resources.
Layer 1 – Physical Layer
- The physical layer is responsible for the physical communication between end devices.
- The logical first step in securing our information is to ensure that the physical resources are not compromised.
- Quite often, technologists fail to recognize the importance of the simple measures, like properly locking storage units, server cabinets, equipment rooms and office spaces.
- Gaining access to resources is the first step in compromising them. Where is the information stored and who might have physical access to it?
- Typically, efforts to physically secure information are a shared responsibility between technologists and those who manage the facility in which the information resides.
- In some organizations, you must have a card key, hardware key or biometric access to enter areas where sensitive information can be accessed.
- Even with the resources physically locked, they are at risk.
- Social engineering is a form of infiltration that takes advantage of common social interaction to gain physical access.
- Environmental factors should also be considered.
- In extreme circumstances, a good disaster recovery plan is essential in the event that information resources are compromised.
- Off-site data storage, asset inventories and vendor contacts are critical to knowing what to replace, where to get replacements and how to restore access.
Physical Layer Vulnerabilities
- Loss of Power
- Loss of Environmental Control
- Physical Theft of Data and Hardware
- Physical Damage or Destruction of Data And Hardware
- Unauthorized changes to the functional environment (data connections, removable media, adding/removing resources)
- Disconnection of Physical Data Links
- Undetectable Interception of Data
- Keystroke & Other Input Logging
Physical Layer Controls
- Locked perimeters and enclosures
- Electronic lock mechanisms for logging & detailed authorization
- Video & Audio Surveillance
- PIN & password secured locks
- Biometric authentication system
- Training users against Social Engineering
- Physical locks, both on equipment and facilities housing the equipment, are imperative to keep intruders out. In order to use information one must have access to it.
- Building a good Disaster Recovery Plan
Layer 2 – Data Link Layer
- The Data Link Layer's responsibility is to place frames on the network medium and ensure that delivery is error free. This is where the MAC (hardware) address of communication devices is utilized and checksums for errors in delivery are applied.
- A device running in promiscuous mode, used together with a packet filter, is helpful to analysts and hackers alike for analysing traffic: flow analysis, problem determination and code debugging.
- A hacker may prefer to use software to spoof a MAC address, capturing traffic destined for a specific machine. In either event, the captured traffic could contain important data or even usernames and passwords giving access to even more sensitive information.
Data Link Layer Vulnerability Examples
- MAC Address Spoofing (station claims the identity of another)
- VLAN circumvention (station may force direct communication with other stations, bypassing logical controls such as subnets and firewalls.)
- ARP Poisoning attack.
- Spanning Tree errors may be accidentally or purposefully introduced, causing the layer two environments to transmit packets in infinite loops.
- In wireless media situations, layer two protocols may allow free connection to the network by unauthorized entities, or weak authentication and encryption may allow a false sense of security.
- Switches may be forced to flood traffic to all VLAN ports rather than selectively forwarding to the appropriate ports, allowing interception of data by any device connected to a VLAN.
Data Link Layer Controls
- MAC Address Filtering – identifying stations by address and cross-referencing physical port or logical access
- Layer 2 switches provide the ability to create logically separate LANs on the same physical device, called VLANs. Using traffic and protocol access control lists or filters provides us with some form of protection at this layer.
- Quality-of-Service marking and prioritization control protocols give us the ability to control and better utilize existing bandwidth. This is typically accomplished using appropriate class-of-service or differentiated services code point (DSCP) values.
- Disabling untrusted Layer 2 ports will reduce traffic to and from hosts.
- Disable the default VLAN 1 port. As you tighten up your defences at Layer 2, you will need to leave a port open for management purposes, preferably out-of-band.
- Do not rely on VLANs alone to enforce secure designs. Layers of trust should be physically isolated from one another, with policy engines such as firewalls between them.
- Wireless applications must be carefully evaluated for unauthorized access exposure. Built-in encryption, authentication, and MAC filtering may be applied to secure networks.
- Telnet capabilities should be completely filtered if not required.
Layer 3 – Network Layer
- Network layer is used to determine the best path from source to destination host on a network.
- IP addresses are assigned and utilized at this layer for unique identification. For communication with the Internet, a public IP address must be assigned. This address allows a system to contact the outside world and allows the outside world to contact the host, so it is logical to consider this border of our system vulnerable.
Network Layer Vulnerabilities
- Route spoofing – propagation of false network topology
- IP Address Spoofing – false source addressing on malicious packets
- Identity & Resource ID Vulnerability – Reliance on addressing to identify resources and peers can be brittle and vulnerable
Network Layer Controls
- Route policy controls – Use strict anti-spoofing and route filters at network edges
- Firewalls with strong filter & anti-spoof policy
- ARP/Broadcast monitoring software
- Implementations that minimize the ability to abuse protocol features such as Broadcast
- Network Address Translation (NAT) is a service that temporarily maps a private IP address to a public IP address. In this sense, for a time, there is a one-to-one relationship between a private and a public address. A pool of public IP addresses must be leased for NAT to work.
- Port Address Translation (PAT), on the other hand, allows a single public IP address to be bound to multiple virtual ports. In this way, multiple networked hosts can share a single public identity on the Internet, providing a more cost-effective and secure solution. In either case, the internal IP address is hidden from the outside world, providing us with some anonymity.
- Remote access through Internet tunnelling takes place at Layer 3. Virtual Private Networking (VPN) allows us to establish credentialed connections and transmit encrypted payloads across pre-existing Internet channels.
- It is not safe to consider only external threats: statistically, most information breaches take place from the inside. If a system requires an IP address to participate in network communications, then perhaps we need to consider how IP addresses are assigned.
- Dynamic Host Configuration Protocol (DHCP) has been widely accepted and used due to its ease of administration, lower risk of human error and flexibility.
- When securing a network from unauthorized access is more important than the benefits of DHCP, static IP assignment should be considered.
- When identification of specific hosts on a network is particularly threatening, then DHCP with a very short lease length may be more appropriate.
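The ARP poisoning vulnerability listed under Layer 2 and the ARP/broadcast monitoring control listed above both come down to one observable: an ARP reply that claims an IP address with a MAC different from the one learned earlier. The following Python monitor is an added example, not code from the original text; the ArpReply record layout and the sample replies are constructed.

```python
# Added example, not from the original text: a minimal ARP-reply monitor that flags
# the IP-to-MAC conflicts ARP poisoning produces. Input is a constructed list of
# ARP reply records rather than a live capture; the record layout is hypothetical.
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class ArpReply:
    ts: float          # seconds since capture start (constructed)
    sender_ip: str     # IP the reply claims to answer for
    sender_mac: str    # MAC the reply says owns that IP

# Constructed sample: 10.0.0.1 is the gateway at aa:...:01. From t=30 a second
# station answers for the same IP with its own MAC, then the real gateway replies again.
SAMPLE_REPLIES = [
    ArpReply(0.0, "10.0.0.1", "aa:aa:aa:aa:aa:01"),
    ArpReply(5.0, "10.0.0.20", "aa:aa:aa:aa:aa:20"),
    ArpReply(30.0, "10.0.0.1", "BB:BB:BB:BB:BB:99"),
    ArpReply(31.0, "10.0.0.1", "bb:bb:bb:bb:bb:99"),
    ArpReply(40.0, "10.0.0.1", "aa:aa:aa:aa:aa:01"),
]

def build_baseline(replies, learn_window=10.0):
    """Learn the expected IP -> MAC mapping from replies seen in the first learn_window seconds."""
    baseline = {}
    for r in replies:
        if r.ts <= learn_window and r.sender_ip not in baseline:
            baseline[r.sender_ip] = r.sender_mac.lower()
    return baseline

def detect_conflicts(replies, baseline):
    """Return (ts, ip, expected_mac, seen_mac) for each reply that contradicts the baseline."""
    alerts = []
    for r in replies:
        mac = r.sender_mac.lower()
        expected = baseline.get(r.sender_ip)
        if expected is not None and mac != expected:
            alerts.append((r.ts, r.sender_ip, expected, mac))
    return alerts

def flapping_ips(replies):
    """IPs claimed by more than one MAC anywhere in the capture; needs no baseline."""
    claims = defaultdict(set)
    for r in replies:
        claims[r.sender_ip].add(r.sender_mac.lower())
    return sorted(ip for ip, macs in claims.items() if len(macs) > 1)

if __name__ == "__main__":
    print(detect_conflicts(SAMPLE_REPLIES, build_baseline(SAMPLE_REPLIES)), flapping_ips(SAMPLE_REPLIES))
```

The baseline approach assumes the first few seconds of the capture are clean; flapping_ips needs no such assumption but only fires once both MACs have been seen.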
Layer 4 – Transport Layer
- Finding a system on the Internet requires knowing the public IP address assigned to it. To target a specific application on a system, an intruder would need to know the IP address to locate the system and the port number assigned to the application, collectively referred to as a socket. A computer system has 65535 ports. These ports can be further broken down into three categories: well known, registered and dynamic. This is where Layer 4 security is applied.
- Many applications utilize well known TCP and UDP ports.
- An FTP server will, by default, utilize TCP port 21. If the file server providing the FTP service is not meant for public domain, it is best to change the default port number and divulge the new port number to authorized users only.
- In this way, we can confuse and stall potential intruders by using private ports in place of well-known ports.
- Trojans, malicious programs masquerading as benign programs, tend to target specific TCP and UDP ports.
- An open port that is infected by a Trojan will require cleaning. Virus scan software helps to protect systems at this layer.
- Security issues at the Transport Layer are concerned with availability of end-to-end data transmissions. Layer 4 switching provides the ability to control traffic, not only utilizing IP addresses and MAC addresses of the lower layers, but also by specific application incorporating the upper layers of the OSI model.
Transport Layer Vulnerabilities
- Mishandling of undefined, poorly defined, or “illegal” conditions
- Differences in transport protocol implementation allow “fingerprinting” and other enumeration of host information
- Overloading of transport-layer mechanisms such as port numbers limits the ability to effectively filter and qualify traffic.
- Transmission mechanisms can be subject to spoofing and attack based on crafted packets and the educated guessing of flow and transmission values, allowing the disruption or seizure of control of communications.
Transport Layer Controls
- Strict firewall rules limiting access to specific transmission protocols and subprotocol information such as TCP/UDP port number or ICMP type
- Stateful inspection at firewall layer, preventing out-of-state packets, “illegal” flags, and other phony packet profiles from entering the perimeter
- Stronger transmission and layer session identification mechanisms to prevent the attack and takeover of communications
- Prioritization based on application allows us to better control and utilize our bandwidth. Better control measures offer a more secure level of service.
- Further securing of this layer can take place by using a secure form of TCP.
- Extended Three-way Handshake extends traditional TCP handshaking techniques to deliver negotiation data and key exchange data.
- State Transition is a secure TCP method that utilizes host state to differentiate authorized transmissions.
- Data integrity can be achieved through MAC (Message Authentication Code) to identify if an attacker has modified data.
- Data confidentiality can be achieved through encryption and must be addressed at the same time as data integrity.
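As an added example (not from the original text) of the strict port rules, stateful inspection and “illegal” flag checks listed above, the following Python filter classifies TCP flag bytes and tracks flows in a small connection table; the Segment record and the sample trace are constructed, with addresses taken from the documentation ranges.

```python
# Added example, not from the original text: a toy stateful filter that drops the "illegal"
# flag combinations and out-of-state segments listed above. Records are constructed.
from collections import namedtuple
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
Segment = namedtuple("Segment", "src dst flags")   # src/dst are "ip:port" strings

def illegal_flag_reason(flags):
    """Why a flag byte is malformed, or None if the combination is legitimate."""
    f = flags & 0x3F
    if f == 0:
        return "null: no flags set"
    if f & SYN and f & FIN:
        return "SYN and FIN set together"
    if not f & ACK and f != SYN and not f & RST:   # also catches FIN-only and xmas probes
        return "ACK missing on a segment that is neither an initial SYN nor a reset"
    return None

class StatefulFilter:
    def __init__(self, allowed_ports):
        self.allowed_ports = set(allowed_ports)
        self.flows = set()   # (client, server) pairs; a flow exists only after an accepted SYN

    def inspect(self, seg):
        reason = illegal_flag_reason(seg.flags)
        if reason:
            return "DROP", reason
        f = seg.flags & 0x3F
        if f == SYN:                                  # new connection attempt
            port = int(seg.dst.rsplit(":", 1)[1])
            if port not in self.allowed_ports:
                return "DROP", f"port {port} not permitted"
            self.flows.add((seg.src, seg.dst))
            return "ACCEPT", "new flow"
        if (seg.src, seg.dst) in self.flows or (seg.dst, seg.src) in self.flows:
            if f & (FIN | RST):                       # teardown: forget the flow
                self.flows -= {(seg.src, seg.dst), (seg.dst, seg.src)}
            return "ACCEPT", "established flow"
        return "DROP", "out-of-state: no matching flow"

# Constructed trace: a normal handshake to 443, then three probes the filter should drop.
SAMPLE = [
    Segment("203.0.113.9:40000", "192.0.2.10:443", SYN),
    Segment("192.0.2.10:443", "203.0.113.9:40000", SYN | ACK),
    Segment("203.0.113.9:40000", "192.0.2.10:443", ACK),
    Segment("203.0.113.9:40001", "192.0.2.10:443", ACK),        # ACK with no prior SYN
    Segment("203.0.113.9:40002", "192.0.2.10:22", SYN | FIN),   # crafted flag combination
    Segment("203.0.113.9:40003", "192.0.2.10:23", SYN),          # telnet, not permitted
]
def run(segments, allowed_ports=(443,)):
    fw = StatefulFilter(allowed_ports)
    return [fw.inspect(s)[0] for s in segments]
```

A real firewall also checks sequence numbers and times flows out; this toy keeps only the flag and state logic the list above describes.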
Layer 5 – Session Layer
- The Session layer is used to facilitate communication with a receiving device by establishing, maintaining, synchronizing, controlling and terminating connections. In short, it deals with session handling between systems. During this process of communication, verification of entities can take place.
- Also referred to as Transport Layer Security, Secure Sockets Layer (SSL) is a technology designed to confirm the identity of hosts and servers. Although called Transport Layer Security, this function lies just above the transport layer and is truly session layer based.
- SSL is often the protocol used for secure credit card transactions on the Internet. Using server authentication, a server's identity can be verified through a Certificate Authority (CA) using public key cryptography. The same can be applied using client-side authentication.
- SSL uses different ciphers (cryptographic algorithms) to provide encrypted session services. Cipher suites provide a wide range of encryption settings.
- The SSL Handshake Protocol enables the authenticated client and server to negotiate which cipher will be used. This helps reduce susceptibility to a “man-in-the-middle” attack, so even if the session gets intercepted, the data would be protected by encryption.
Session Layer Vulnerabilities
- Weak or non-existent authentication mechanisms
- Passing of session credentials such as user ID and password in the clear, allowing intercept and unauthorized use
- Session identification may be subject to spoofing and hijack
- Leakage of information based on failed authentication attempts
- Unlimited failed sessions allow brute-force attacks on access credentials
Session Layer Controls
- Encrypted password exchange and storage
- Accounts have specific expirations for credentials and authorization
- Protect session identification information via random/cryptographic means
- Limit failed session attempts via timing mechanism, not lockout
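The last control above, a timing mechanism rather than lockout, can be implemented as per-account exponential back-off: every failure doubles the wait before the next attempt is even evaluated, but a legitimate user is never locked out. The following Python class is an added example, not from the original text; LoginThrottle, ManualClock and attempt are names chosen here, and the delay parameters are assumptions.

```python
# Added example, not from the original text: throttle repeated failed logins with a
# growing delay instead of locking the account, so a deliberately failing attacker
# cannot deny service to the legitimate user. The clock is injectable for testing.
import time

class ManualClock:
    """Test clock: time advances only when .t is set (used in place of time.monotonic)."""
    def __init__(self):
        self.t = 0.0
    def __call__(self):
        return self.t

class LoginThrottle:
    """Per-account failure counter with capped exponential back-off that decays after quiet_period."""
    def __init__(self, base_delay=1.0, max_delay=60.0, quiet_period=900.0, clock=time.monotonic):
        self.base_delay, self.max_delay, self.quiet_period, self.clock = base_delay, max_delay, quiet_period, clock
        self._state = {}   # account -> (consecutive failures, timestamp of last failure)

    def required_delay(self, account):
        """Seconds that must separate the last failure from the next attempt."""
        failures, last = self._state.get(account, (0, 0.0))
        if failures == 0:
            return 0.0
        if self.clock() - last >= self.quiet_period:   # quiet long enough: forget the history
            self._state.pop(account, None)
            return 0.0
        return min(self.base_delay * 2 ** (failures - 1), self.max_delay)

    def retry_after(self, account):
        """Seconds still to wait before another attempt for this account (0.0 if none)."""
        _, last = self._state.get(account, (0, 0.0))
        return max(0.0, last + self.required_delay(account) - self.clock())

    def record(self, account, success):
        if success:
            self._state.pop(account, None)
        else:
            failures, _ = self._state.get(account, (0, 0.0))
            self._state[account] = (failures + 1, self.clock())

def attempt(throttle, account, verify):
    """Gate one login: refuse early while a delay is pending, otherwise verify and record."""
    wait = throttle.retry_after(account)
    if wait > 0:
        return "throttled", wait
    ok = verify()
    throttle.record(account, ok)
    return ("ok" if ok else "denied"), 0.0
```

Keying the counter on the account alone slows a distributed guessing campaign against one account; a production version would also key on source address so one noisy client cannot delay everyone.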
Layer 6 – Presentation Layer
- Presentation Layer deals with encryption. When the data is received, what form will it take? Encryption techniques allow us to scramble the packet contents, requiring a special code to reveal them.
- The more sophisticated the encryption algorithm, the harder it is to gain access to the data.
- Proper planning is necessary to calculate security needs and balance them with resource limitations.
Presentation Layer Vulnerabilities
- Poor handling of unexpected input can lead to application crashes or surrender of control to execute arbitrary instructions.
- Unintentional or ill-advised use of externally supplied input in control contexts may allow remote manipulation or information leakage.
- Cryptographic flaws may be exploited to circumvent privacy protections
Presentation Layer Controls
- Careful specification and checking of input received by applications or library functions
- Separation of user input and program control functions – input should be sanitized and sanity checked before being passed into functions that use it to control operation
- Careful and continuous review of cryptography solutions to ensure current security against known and emerging threats.
Layer 7 – Application Layer
- The Application layer is where services support user applications and where authentication takes place.
- The most common form of authentication is a username and password; each user should have a unique ID and a confidential password. Therefore, it is essential to have an effective account policy.
- Encryption of these two credentials, username and password, is also feasible at this level. Application layer encryption adds yet another element of protection.
Application Layer Vulnerabilities
- Open design issues allow free use of application resources by unintended parties
- Backdoors and application design flaws bypass standard security controls
- Inadequate security controls force “all-or-nothing” approach, resulting in either excessive or insufficient access.
- Overly complex application security controls tend to be bypassed or poorly understood and implemented.
- Program logic flaws may be accidentally or purposely used to crash programs or cause undesired behaviour
Application Layer Controls
- Application level access controls to define and enforce access to application resources.
- Controls must be detailed and flexible, but also straightforward to prevent complexity issues from masking policy and implementation weakness
- Standards, testing, and review of application code and functionality – a baseline is used to measure application implementation and recommend improvements
- IDS systems to monitor application inquiries and activity
- Some host-based firewall systems can regulate traffic by application, preventing unauthorized or covert use of the network.