
Introduction


Presentation Transcript


  1. Introduction IT443 – Network Security Administration Instructor: Bo Sheng

  2. Basic Information
     • Location and time
       • S-3-028, Tuesdays and Thursdays 12:30~1:45pm
     • Instructor (Bo Sheng)
       • shengbo@cs.umb.edu
       • 617-287-6468
       • Office: S-3-075
       • Office hours: Tu & Th, 2~4pm

  3. Course Outline
     • Network Basics
       • Network layers, headers, services, …
       • TCP/IP, MAC, DNS, ARP, …
     • Cryptography Basics
       • Secret key encryption, public key encryption, hash functions
       • Doesn’t cover the theoretical foundations
     • Authentication
       • Password, challenge/response, mutual authentication, …

  4. Course Outline
     • Public Key Infrastructure
       • PKI architecture, certificates, …
     • IPsec
       • Secure IP layer protocol
     • SSL/TLS
       • Secure transport layer protocol
     • Firewall
       • Prevent attacks, iptables, …

  5. Course Outline
     • Intrusion Detection System
       • Host-based IDS and network-based IDS
     • Email Security
     • Wireless security / Worm (backup)
       • Rogue AP attacks, WEP cracking, worm propagation/detection, …

  6. Course Work
     • 6~7 lab assignments (70%)
       • Team of 2 students
       • Lab report
     • Final exam (30%)
     • Lecture + Lab
       • Virtual machines

  7. Lab Outline
     • Understanding network packets
       • IP prefix, DNS service
     • Encryption/decryption
       • Conduct file encryption (openssl)
       • Distinguish cryptographic algorithms
     • Password cracking
       • Dictionary attack, John the Ripper
     • Network attacks
       • SYN flood, ARP poisoning

  8. Lab Outline
     • Implementing certificates
       • Set up an https service
     • Configuring a firewall
       • iptables
     • System monitoring
       • Remote logging
     • Intrusion detection
       • AIDE and Snort
     • SQL injection (backup)

  9. Other Info
     • Course web page
       • http://www.cs.umb.edu/~shengbo/teaching/it443.html
     • Prerequisite
       • IT341
       • If you take IT341 later, you will lose the credits of this course.

  10. Policies
     • Lab reports
       • Partial points will be given, but no late submissions are accepted.
     • Honor code
     • No makeup exam
     • Accommodations
       • Ross Center for Disability Services
       • Campus Center Room 211
       • 617-287-7430

  11. Information
     • Door code: 643478*
     • Login: your Windows account
     • If you use your own laptop, install
       • VMware Workstation 8.0
       • VirtualBox
     • Install Ubuntu Desktop on a VM
       • http://wes.cs.umb.edu/it443/ubuntu-10.04.4-desktop-i386.iso
     • VMware key: 4H02N-T8142-P8TYE-AR02H-A9KKL

  12. Introduction to Network Security
     • Security Breaches
       • http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
     • Symantec Threat Explorer
       • http://us.norton.com/security_response/threatexplorer/index.jsp
     • Email Spam

  13. Introduction to Network Security
     • Security threats
       • Malware: virus, worm, spyware
       • Spam
       • Botnet
       • DDoS attacks
       • Phishing
       • Cross-site scripting (XSS)
       • …

  14. Contributing Factors
     • Lack of awareness of the threats and risks of information systems
       • Security measures are often not considered until an enterprise has been penetrated by malicious users
     • Wide-open network policies
       • Many Internet sites allow wide-open Internet access
     • Lack of security in the TCP/IP protocol suite
       • Most TCP/IP protocols were not built with security in mind
     • Complexity of security management and administration
     • Software vulnerabilities
       • Example: buffer overflow vulnerabilities
     • Cracker skills keep improving

  15. Security Objectives (CIA)

  16. Security Objectives (CIA)
     • Confidentiality — prevent/detect/deter improper disclosure of information
     • Integrity — prevent/detect/deter improper modification of information
     • Availability — prevent/detect/deter improper denial of access to services provided by the system

  17. OSI Security Architecture
     • ITU-T X.800 “Security Architecture for OSI”
     • Defines a systematic way of defining and providing security requirements
     • It provides a useful, if abstract, overview of the concepts we will study

  18. Aspects of Security
     • 3 aspects of security:
       • Security attack
         • Any action that compromises the security of information owned by an organization
       • Security mechanism
         • A process that is designed to detect, prevent, or recover from a security attack
       • Security service
         • Counters security attacks: makes use of one or more security mechanisms to provide the service

  19. Threat Model and Attack Model
     • The threat model and attack model need to be clarified before any security mechanism is developed
     • Threat model
       • Assumptions about potential attackers
       • Describes the attacker’s capabilities
     • Attack model
       • Assumptions about the attacks
       • Describes how attacks are launched

  20. Passive Attacks

  21. Active Attacks

  22. Security Mechanism (X.800)
     • Specific security mechanisms:
       • encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding, routing control, notarization
     • Pervasive security mechanisms:
       • trusted functionality, security labels, event detection, security audit trails, security recovery

  23. Security Service
     • Enhances the security of the data processing systems and information transfers of an organization
     • Intended to counter security attacks
     • Uses one or more security mechanisms
     • Often replicates functions normally associated with physical documents
       • For example, physical documents have signatures and dates; need protection from disclosure, tampering, or destruction; may be notarized or witnessed; may be recorded or licensed

  24. Security Service
     • Authentication – assurance that the communicating entity is the one claimed
     • Access Control – prevention of the unauthorized use of a resource
     • Data Confidentiality – protection of data from unauthorized disclosure
     • Data Integrity – assurance that data received is as sent by an authorized entity
     • Non-Repudiation – protection against denial by one of the parties in a communication
     • Availability – resource is accessible/usable

  25. Check network connection
     • ping google.com
     • Log out
