1 / 25

Network Security

Network Security. Lecture 1 Course Overview http://web.uettaxila.edu.pk/CMS/coeCCNbsSp09/index.asp. Waleed Ejaz waleed.ejaz@uettaxila.edu.pk. Overview. Goal of this course Grading Prerequisites Tentative Schedule Security Goals. Goal of This Course.

crundell
Download Presentation

Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Network Security Lecture 1 Course Overview http://web.uettaxila.edu.pk/CMS/coeCCNbsSp09/index.asp Waleed Ejaz waleed.ejaz@uettaxila.edu.pk

  2. Overview • Goal of this course • Grading • Prerequisites • Tentative Schedule • Security Goals

  3. Goal of This Course • Comprehensive course on network security • Includes both theory and practice • Theory: Cryptography, Hashes, key exchange, Email Security, Web Security • Practice: Hacking and Anti-Hacker techniques • Graduate course: (Advanced Topics) • Lot of independent reading and writing • Project/Survey paper

  4. CERT • Computer emergency response team (CERT) • Security is a #1 concern about Internet. • Significant industry and government investment in security

  5. Prerequisites • Computer Communication & Networks

  6. Prerequisites • ISO/OSI reference model • TCP/IP protocol stack • Full-Duplex vs half-duplex • UTP vs Wireless • Cyclic Redundancy Check (CRC) • CRC Polynomial • Ethernet • IEEE 802 MAC Addresses • Bridging and Routing • IEEE 802.11 LAN

  7. Prerequisites (contd.) • IP Address • Subnets • Private vs Public Addresses • Address Resolution Protocol (ARP) • Internet Control Message Protocol (ICMP) • Routing - Dijkstra's algorithm • Transport Control Protocol (TCP) • User Datagram Protocol (UDP) • TCP connection setup • TCP Checksum • Hypertext Transfer Protocol (HTTP)

  8. Text Book • Charlie Kaufman, Radia Perlman, and Mike Speciner, "Network Security: Private Communication in a Public World," 2nd Edition, Prentice Hall, 2002, ISBN: 0130460192.

  9. Reference Book • Cryptography and Network Security, by William Stallings,Prentice Hall, 4th Edition, 2006 • Few topics from this book will be followed during this course.  • All relevant material will be provided as notes or as part of the class slides.

  10. Course Outline • Course Overview • Security Concepts • TCP/IP Security Attacks • Security Key Cryptography (Chapter 3) • Modes of Operation (Chapter 4) • Hashes and Message Digest (Chapter 5) • Public Key Cryptography (Chapter 6) • Authentication: Passwords, Biometrics (Chapter 10) • Kerberos (Chapter 14) • Public Key Infrastructure (Chapter 15) • IPSec (Chapter 17)

  11. Course Outline (contd.) • Internet Key Exchange (IKE) (Chapter 18) • Web Security: SSL/TLS (Chapter 19) • Email Security: PGP (Chapter 22) • Firewalls (Chapter 23) • VPNs • DNS Security • Network Access Controls: AAA • Wireless Security • Intrusion Detection • DMZ (LAN->WAN)

  12. Grading • Assignments 5 • Quizzes 10 • Grand Quiz 10 • Labs 25 • Final Exam 100

  13. Term Project • A survey paper on a network security topic • " Wireless Network Security • " Key Exchange Protocols • " Comprehensive Survey: Technical Papers, Industry Standards, Products • A real attack and protection exercise on the security of a system (web server, Mail server, …) – Groups of 2 students (Hacker and Administrator) • Recent Developments: Last 5 to 10 years ⇒ Not in books • Better ones may be submitted to magazines or journals

  14. Project Schedule • Topic Selection/Proposal • References Due • Outline Due • First Draft/Demo Due • Reviews/comments Returned • Final Report Due

  15. Office Hours • Thursday: 1:30 PM to 3:00 PM • Office: Room 9 • Contact Office: +92-51-9047573 • Best way to communicate with me in other then office hours is email: • waleed.ejaz@uettaxila.edu.pk

  16. FAQs • Yes, I do use “curve”. Your grade depends upon the performance of the rest of the class. • All homeworks are due on the following Friday unless specified otherwise. • Any late submissions, if allowed, will *always* have a penalty. • All exams are closed-book and extremely time limited. • Exams consist of numerical and may be multiple-choice (truefalse) questions.

  17. Security Goals • Security Goals • Confidentiality: Need access control, Cryptography, Existence of data • Integrity: No change, content, source, prevention mechanisms, detection mechanisms • Availability: Denial of service attacks, • Confidentiality, Integrity and Availability (CIA)

  18. Security Attacks Security Attacks Security Attacks Security Attacks Security Attacks Security Attacks Security Attacks Security Attacks Security Attacks Snooping Snooping Snooping Snooping Snooping Snooping Snooping Snooping Snooping Snooping Snooping Snooping Snooping Modification Modification Modification Modification Denial of Service Traffic Analysis Traffic Analysis Traffic Analysis Traffic Analysis Traffic Analysis Traffic Analysis Traffic Analysis Traffic Analysis Traffic Analysis Traffic Analysis Traffic Analysis Traffic Analysis Traffic Analysis Traffic Analysis Masquerading Masquerading Masquerading Threat to Availability Replaying Replaying Threat to Confidentiality Repudiation Threat to Integrity

  19. Alice Bob Passive Versus Active Attacks • Alice and Bob want to communicate in presence of adversaries • Adversaries: • Passive – just looking • Active – may change msgs

  20. Categorization of passive and active attacks

  21. Student Questionnaire • Name: _________________________________________ • Email: _________________________________________ • Phone: _________________________________________ • Degree: ______________ Expected Date: _________________ • Technical Interest Area(s): _____________________________ • Prior networking related courses/activities:________________ • Prior security related courses: _________________________ • If you have a laptop or desktop, it’s operating system: _______ • Do you have a WiFi interface? _____ • I agree to abide by the rules and will not use the techniques on any computer other than mine or Network security lab. • Signature: _______________________ Date: _____________

  22. Lab Home Work 1: Gathering Information • Learn about IPconfig, ping, arp, nslookup, whois, tracert, netstat, route, hosts file • 1. Find the IP addresses of www.google.com • 2. Modify the hosts file to map www.google.com to 128.252.166.33 and do a google search. Remove the modification to the host file and repeat. • 3. Find the domain name of 128.272.165.7 (reverse the address and add .inaddr. arpa) • 4. Find the owner of www.google.com domain • 5. Find route from your computer to www.google.com • 6. Find the MAC address of your computer • 7. Print your ARP cache table. Find a server on your local network. Change its ARP entry in your computer to point to your computer’s MAC address. Print new ARP cache table. Now use the service and see what happens. • 8. Print your routing table and explain each line (up to line #20 if too many) • 9. What is the number of packets sent with “destination unreachable” • 10. Find the location of 128.252.166.33 (use www.ipaddresslocation.org)

  23. Quiz 0: Prerequisites • True or False? • Subnet mask of 255.255.255.254 will allow 254 nodes on the LAN. • Time to live (TTL) of 8 means that the packet can travel at most 8 hops. • IP Address 128.256.210.12 is an invalid IP address • CRC Polynomial x32+x15+1 will produce a 32 bit CRC. • DHCP server is required for dynamic IP address assignment • DNS helps translate an name to MAC address • Port 80 is used for FTP. • IPv6 addresses are 32 bits long. • New connection setup message in TCP contains a syn flag. • 192.168.0.1 is a public address. • Marks = Correct Answers _____ - Incorrect Answers _____ = ______

  24. Quiz 0: Prerequisites (Solution) • True or False? • Subnet mask of 255.255.255.254 will allow 254 nodes on the LAN. False • Time to live (TTL) of 8 means that the packet can travel at most 8 hops. True • IP Address 128.256.210.12 is an invalid IP address. True • CRC Polynomial x32+x15+1 will produce a 32 bit CRC. True • DHCP server is required for dynamic IP address assignment. True • DNS helps translate an name to MAC address. False • Port 80 is used for FTP. False • IPv6 addresses are 32 bits long. False • New connection setup message in TCP contains a syn flag. True • 192.168.0.1 is a public address. False • Marks = Correct Answers _____ - Incorrect Answers _____ = ______

  25. Questions!

More Related