1 / 94

Chapter 13 Network Security

2. What we will cover. Security measuresFirewallsBusiness on the internet - Encryption. 3. 4. Introduction. . While computer systems today have some of the best security systems ever, they are more vulnerable than ever before.This vulnerability stems from the world-wide access to computer systems via the Internet.Computer and network security comes in many formsencryption algorithmsaccess to facilitiesdigital signaturesfingerprints and face scans as passwords.Where do most secu30369

hija
Download Presentation

Chapter 13 Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. 1 Chapter 13 Network Security

    2. 2 What we will cover Security measures Firewalls Business on the internet - Encryption

    3. 3

    4. 4

    5. 5 What is network security? Network security is preventing attackers from achieving objectives through unauthorized access or unauthorized use of computers and networks. www.cert.org

    6. 6

    7. 7

    8. 8 Personnel security Most security violations have one common characteristic: They are caused by people! Training, Auditing, Least Privilege, ...

    9. 9

    10. 10

    11. 11

    12. 12

    13. 13 List of common passwords !@#$% !@#$%^ !@#$%^& !@#$%^&* 000000 00000000 0007 007 007007 0246 0249 1022 10sne1 111111 121212 1225 123 123123 1234 12345 123456 1234567 12345678 1234qwer 123abc 123go 1313 131313 13579 14430 1701d 1928 1951 1a2b3c 1p2o3i 1q2w3e 1qw23e 1sanjose 2112 21122112 2222 2welcome 3 369 4 4444 4runner 5 5252 54321 5555 5683 654321 666666 6969 696969 777 7777 80486 8675309 888888 90210 911 92072 99999999 @#$%^& a a12345 a1b2c3 a1b2c3d4 aaa aaaaaa aaron abby abc abc123 abcd abcd1234 abcde abcdef abcdefg abigail about absolut academia access action active acura adam adams adg adidas admin adrian advil aeh aerobics after again aggies aikman airhead airplane alan alaska albany albatross albert alex alex1 alexande alexander alexandr alexis alfred algebra aliases alice alicia aliens alison all allen allison allo alpha alpha1 alphabet alpine always alyssa ama amanda amanda1 amber amelie america america7 amiga amorphous amour amy an analog anchor and anderson andre andrea andrew andromache andy angel angela angela1 angels angie angus animal animals ann anna anne annie answer anthony anthropogenic antonio anvils any anything apache apollo apollo13 apple apple1 apples april archie arctic are aria ariadne ariane ariel arizona around arrow arthur artist as asdf asdfg asdfgh asdfghjk asdfjkl asdfjkl; ashley ask aspen ass asshole asterix at ate ath athena atmosphere attila august austin

    14. 14 Authentication Authentication is the process of reliably verifying the identity of someone (or something) by means of: A secret (password [one-time], ...) An object (smart card, ...) Physical characteristics (fingerprint, retina, ...) Trust Do not mistake authentication for authorization!

    15. 15

    16. 16

    17. 17

    18. 18

    19. 19

    20. 20

    21. 21

    22. 22

    23. 23

    24. 24

    25. 25 What is the difference between a computer virus and a computer worm? Viruses are computer programs that are designed to spread themselves from one file to another on a single computer. A virus might rapidly infect every application file on an individual computer, or slowly infect the documents on that computer, but it does not intentionally try to spread itself from that computer to other computers. In most cases, that's where humans come in. We send e-mail document attachments, trade programs on diskettes, or copy files to file servers. When the next unsuspecting user receives the infected file or disk, they spread the virus to their computer, and so on. Worms, on the other hand, are insidious because they rely less (or not at all) upon human behavior in order to spread themselves from one computer to others. The computer worm is a program that is designed to copy itself from one computer to another over a network (e.g. by using e-mail). The worm spreads itself to many computers over a network, and doesn't wait for a human being to help. This means that computer worms spread much more rapidly than computer viruses.

    26. 26

    27. 27

    28. 28

    29. 29 Web Spoofing Web Spoofing is a security attack that allows an adversary to observe and modify all web pages sent to the victim's machine, and observe all information entered into forms by the victim. Web Spoofing works on both of the major browsers and is not prevented by "secure" connections. The attacker can observe and modify all web pages and form submissions, even when the browser's "secure connection" indicator is lit. The user sees no indication that anything is wrong. The attack is initiated when the victim visits a malicious Web page, or receives a malicious email message (if the victim uses an HTML-enabled email reader).

    30. 30

    31. 31 Smurfing Smurfing is the attacking of a network by exploiting Internet Protocol (IP) broadcast addressing and certain other aspects of Internet operation. Smurfing uses a program called Smurf and similar programs to cause the attacked part of a network to become inoperable. The exploit of smurfing, as it has come to be known, takes advantage of certain known characteristics of the Internet Protocol (IP) and the Internet Control Message Protocol (ICMP). The ICMP is used by network nodes and their administrators to exchange information about the state of the network. ICMP can be used to ping other nodes to see if they are operational. An operational node returns an echo message in response to a ping message. A smurf program builds a network packet that appears to originate from another address (this is known as spoofing an IP address). The packet contains an ICMP ping message that is addressed to an IP broadcast address, meaning all IP addresses in a given network. The echo responses to the ping message are sent back to the "victim" address. Enough pings and resultant echoes can flood the network making it unusable for real traffic. One way to defeat smurfing is to disable IP broadcast addressing at each network router since it is seldom used. This is one of several suggestions provided by the CERT Coordination Center.

    32. 32 What is SSH? SSH (Secure Shell) is a full replacement for rsh, rlogin, rcp, telnet, rexec, and ftp Automatic authentication (?) of users, no passwords are sent in clear text Secure remote login, file copying, and tunneling X11 and TCP connections (POP, IMAP, SMTP, HTTP)

    33. 33

    34. 34 What is a firewall? Used to control the flow of traffic (both inflows and outflows, but primarily inflows) between networks The connected networks can be internal or a combination of internal and external networks

    35. 35

    36. 36 Transmission Control Protocol/ Internet Protocol - TCP/IP A conglomeration of underlying protocols designed to enable communications between computers across networks

    37. 37 4 Basic Layers of TCP/IP Physical/Network Layer - Accepts and transmits network packets over the physical network. Physical networking protocols, such as Ethernet, and logical protocols, such as Address Resolution Protocol (ARP), are run at this layer. IP Layer - Responsible for routing packets across the network. Routing protocols, such as Routing Information Protocol (RIP) and Interior Gateway Routing Protocol (IGRP), are run at this layer.

    38. 38 4 Basic Layers of TCP/IP (cont.) Transport Layer - Manages the virtual session between two computers for TCP for providing end-to-end communication. Application Layer - Manages the networking applications and formats data for transmission.

    39. 39 Open Systems Interconnect (OSI) Developed by the International Organization for Standardization A seven layer model that further divides the layers from the TCP/IP model

    40. 40

    41. 41

    42. 42 Characteristics of Good Firewalls All traffic from inside the corporate network to outside the network, and vice-versa, must pass through it; Only authorized traffic, as defined by the security policy, is allowed to pass through it; and the system itself is immune to penetration.

    43. 43

    44. 44

    45. 45 Firewall Filtering Firewall features that are standard on routers. Separate input and output filters on: Source and destination address Protocol (TCP/IP, IPX, UDP, ICMP, RIP, OSPF, BGP) Protocol service (Web, e-mail, FTP) Established sessions Packet logging Extended Frame Relay filtering (variable-length packet switching data transmission)

    46. 46 Static Firewalls Pre-configured rulebases are used for traffic passing decisions Default permit - the firewall allows all traffic except that which is explicitly blocked by the firewall rulebase Default deny - the firewall denies all traffic except that which is explicitly allowed by the firewall rulebase

    47. 47 Dynamic Firewalls Also uses rulebases, but the denial and permission of any service can be established for a given time period Stateful inspection is also a dynamic configuration A stateful inspection firewall also monitors the state of the connection and compiles the information in a state table. Because of this, filtering decisions are based not only on administrator-defined rules (as in static packet filtering) but also on context that has been established by prior packets that have passed through the firewall.

    48. 48 Components of Firewalls Chokes - limit the flow of packets between networks. Read packets and determine, based on the rules, if the traffic should pass Gates - act as a control point for external connections. They control the external connections.

    49. 49

    50. 50 Firewall Functions Packet Filtering Network Address Translation Application-level Proxies Stateful Inspection Virtual Private Networks Real-time Monitoring

    51. 51

    52. 52 Last time Security issues Firewalls

    53. 53 So you want to do business over the internet What do you have to worry about?

    54. 54

    55. 55 Important Techniques used to prevent/detect data interception Message Origin Authentication Proof of Delivery (non-repudiation) Message Integrity Same message Not seen by others Timely Delivery of Messages

    56. 56 Encryption. Is the best device for ensuring message (and data) confidentiality involves transforming plaintext into ciphertext using a KEY the level of secrecy is a function of strength of the algorithm key length key management policies

    57. What is cryptography? hidden writing versus steganography (hiding the message) Until recently: military tool Like any military technology: methods change over time Two sides: designing codes breaking codes (cryptanalysis) Computers have changed both

    58. 58

    59. 59 Uses of Cryptography Besides confidentiality, cryptography provides Authentication: knowing who sent the message actually sent it. Integrity: message has not been tampered with and/or the message is legit Nonrepudiation: a user should not be able to deny that he sent the message

    60. 60

    61. 61 Simple encryption methods Pig Latin Decoder rings

    62. 62

    63. 63 Simple example: Caesar Shift Protocol: shift each letter by the same amount Key: amount to shift

    64. 64 Caesar Cipher

    65. 65 Example: Caesar Shift What is: ozqsx shld

    66. 66

    67. 67

    68. 68

    69. 69

    70. 70 Types of Keys Symmetric (one key) Asymmetric (two keys)

    71. 71 Asymmetric keysAsymmetric keys

    72. 72

    73. 73 Paradigm Shift! Alice wants to mail Bob a letter securely If they share a key, Alice locks, Bob unlocks If not: Alice puts on padlock, sends box to Bob Bob adds his padlock, sends box back to Alice Alice removes her padlock, sends box to Bob Bob unlocks box, reads letter Problem: how to translate this to a protocol?

    74. 74

    75. 75

    79. 79

    80. 80

    81. 81

    82. 82

    83. 83

    84. 84 PGP is a digital data encryption program created by Phil Zimmerman. Provides confidentiality, authentication, and compression for email and data storage. Its building blocks are made of the best available cryptographic algorithms: RSA, DSS, Diffie-Hellman. It is independent of operating system and processor. It has a small set of easy-to-use commands

    85. 85 PGP Because PGP is freely available via the Internet, and has a fully compatible low-cost commercial version it is now widely used. It has a wide range of applicability from corporations to individuals who wish to communicate worldwide securely over the Internet and other networks. It is not controlled by any government which makes it attractive to many.

    86. 86 Digital Signatures A digital signature is much like a hand signature in that it provides proof that you are the originator of the message (Authentication); assigns a code to a document. Used to bound the message originator with the exact contents of the message through the use of key pairs. This allows for the feature of non-repudiation to be achieved - this is crucial for electronic commerce. Non-repudiation is a property achieved through cryptographic methods which prevents an individual or entity from denying having performed a particular action related to data. The private key of the sender is used to compute a message digest.

    87. 87

    88. 88 Asymmetric keysAsymmetric keys

    89. 89

    90. 90

    91. 91

    92. 92

    93. 93 What did we cover? Security for internet communications Message Origin Authentication Proof of Delivery (non-repudiation) Message Integrity Same message Not seen by others Cryptography Keys PKI

    94. 94

More Related