250 likes | 382 Views
Introduction. IT443 – Network Security Administration Instructor: Bo Sheng. Basic Information. Location and time S-3-028, Tuesdays and Thursdays 12:30~1:45pm Instructor (Bo Sheng) shengbo@cs.umb.edu 617-287-6468 Office: S-3-075 Office hours: Tu & Th , 2~4pm. Course Outline.
E N D
Introduction IT443 – Network Security Administration Instructor: Bo Sheng
Basic Information • Location and time • S-3-028, • Tuesdays and Thursdays 12:30~1:45pm • Instructor (Bo Sheng) • shengbo@cs.umb.edu • 617-287-6468 • Office: S-3-075 • Office hours: Tu & Th, 2~4pm
Course Outline • Network Basics • Network layers, headers, services, … • TCP/IP, MAC, DNS, ARP, … • Cryptography Basics • Secret key encryption, Public key encryption, Hash function • Doesn’t cover theoretical foundation • Authentication • Password, challenge/response, mutual authentication, …
Course Outline • Public Key Infrastructure • PKI architecture, certificates, … • IPsec • Secure IP layer protocol • SSL/TLS • Secure transport layer protocol • Firewall • Prevent attacks, iptables, …
Course Outline • Intrusion Detection System • Host-based IDS and network-based IDS • Email Security • Wireless security / Worm (backup) • Rouge AP attacks, WEP crack, Worm propagation/detection, …
Course Work • 6~7 lab assignments (70%) • Team of 2 students • Lab report • Final exam (30%) • Lecture + Lab • Virtual machines
Lab Outline • Understanding network packets • IP prefix, DNS service • Encryption/decryption • Conduct file encryption (openssl) • Distinguish cryptographic algorithms • Password cracking • Dictionary attack, john-the-ripper • Network attacks • SYN flood, ARP poisoning
Lab Outline • Implementing certificate • Set up https service • Configuring a firewall • iptables • System monitoring • Remote logging • Intrusion detection • Aide and Snort • SQL injection (backup)
Other Info • Course web page • http://www.cs.umb.edu/~shengbo/teaching/it443.html • Prerequisite • IT341 • If you take IT341 later, you will lose the credits of this course.
Policies • Lab reports • Partial points will be given, but no later submissions are accepted. • Honor code • No makeup exam • Accommodations • Ross Center for Disability Service • Campus Center Room 211 • 617-287-7430
Information • Door code: 643478* • Login: Your windows account • If you use your own laptop, install • Vmware workstation 8.0 • Virtualbox • Install Ubuntu Desktop on a VM • Vmware key: 4H02N-T8142-P8TYE-AR02H-A9KKL • http://wes.cs.umb.edu/it443/ubuntu-10.04.4-desktop-i386.iso
Introduction to Network Security • Security Breaches • http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ • Symantec Threat Explorer • http://us.norton.com/security_response/threatexplorer/index.jsp • Email Spam
Introduction to Network Security • Security threats • Malware: Virus, worm, spyware • Spam • Botnet • DDoS attacks • Phishing • Cross-site scripting (XSS) • …
Contributing Factors • Lack of awareness of threats and risks of information systems • Security measures are often not considered until an Enterprise has been penetrated by malicious users • Wide-open network policies • Many Internet sites allow wide-open Internet access • Lack of security in TCP/IP protocol suite • Most TCP/IP protocols not built with security in mind • Complexity of security management and administration • Software vulnerabilities • Example: buffer overflow vulnerabilities • Cracker skills keep improving
Security Objectives (CIA) • Confidentiality — Prevent/detect/deter improper disclosure of information • Integrity — Prevent/detect/deter improper modification of information • Availability — Prevent/detect/deter improper denial of access to services provided by the system
OSI Security Architecture • ITU-T X.800 “Security Architecture for OSI” • Defines a systematic way of defining and providing security requirements • It provides a useful, if abstract, overview of concepts we will study
Aspects of Security • 3 aspects of security: • security attack • Any action that compromises the security of information owned by an organization • security mechanism • A process that is designed to detect, prevent, or recover from a security attack • security service • Counter security attacks: make use of one or more security mechanisms to provide the service
Threat Model and Attack Model • Threat model and attack model need to be clarified before any security mechanism is developed • Threat model • Assumptions about potential attackers • Describes the attacker’s capabilities • Attack model • Assumptions about the attacks • Describe how attacks are launched
Security Mechanism (X.800) • Specific security mechanisms: • encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization • Pervasive security mechanisms: • trusted functionality, security labels, event detection, security audit trails, security recovery
Security Service • Enhance security of data processing systems and information transfers of an organization • Intended to counter security attacks • Using one or more security mechanisms • Often replicates functions normally associated with physical documents • For example, have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed
Security Service • Authentication - assurance that communicating entity is the one claimed • Access Control - prevention of the unauthorized use of a resource • Data Confidentiality –protection of data from unauthorized disclosure • Data Integrity - assurance that data received is as sent by an authorized entity • Non-Repudiation- protection against denial by one of the parties in a communication • Availability– resource accessible/usable
Check network connection • ping google.com • Log out