
CSCE 815 Network Security

CSCE 815 Network Security. Exam Review. April 29, 2003. Lecture Outlines. Introduction Conventional Encryption Data Encryption Standard (DES) DES again Advanced Encryption Standard (AES) – Rijndael Public Key Encryption Message Authentication Codes and Hash Functions



  1. CSCE 815 Network Security: Exam Review, April 29, 2003

  2. Lecture Outlines
  • Introduction
  • Conventional Encryption
  • Data Encryption Standard (DES)
  • DES again
  • Advanced Encryption Standard (AES) – Rijndael
  • Public Key Encryption
  • Message Authentication Codes and Hash Functions
  • SHA Operation and Kerberos
  • Digital Signatures & Authentication Applications
  • Kerberos and X.509

  3. Lecture Outlines
  • 11. Email Security and PGP
  • 12. Email Security and S/MIME
  • 13. IP Security (IPSec)
  • IPSec again
  • Web Security - Secure Sockets Layer (SSL)
  • SSL, TLS and SET
  • Simple Network Management Protocol (SNMP)
  • SNMP 3
  • Intruders
  • Intruders / Intrusion Detection

  4. Lecture Outlines
  • 21. SNMP 3
  • 22. Intrusion Detection Systems
  • Make it up from here on!
  • 23. Chroot Jails
  • 24. Your Jail and HoneyNets (4/17/03)
  • 25. HoneyNets II (4/22/03)
  • 26. SSH Implementation (4/24/03)
  • 27. Exam Review

  5. Lecture 11 Email and PGP
  • SMTP: port 25; on top of TCP/IP; commands
  • What is the normal sequence of packets for sending a piece of email?
  • Email security enhancements: confidentiality, authentication, message integrity, non-repudiation
  • PGP – what does it do and how?
  • What is DSS/SHA?
  • Explain Radix-64 and why it is necessary.
  • PGP message format
  • PGP key distribution

  6. Lecture 12 Email and S/MIME
  • PGP operation
  • ZIP compression
  • Multipurpose Internet Mail Extensions (MIME)
  • Why MIME? What problem does it address/solve?
  • Content-Type
  • Content-Transfer-Encoding: 7bit (ASCII), 8bit, binary, quoted-printable, base64, X-token
  • IP Security
  • Authentication Header (AH) and Encapsulating Security Payload (ESP)
  • AH purpose vs encryption
  • Tunnel vs transport mode
  • Key management: ISAKMP (Internet Security Association and Key Management Protocol); Oakley

  7. Lecture 13 IP Security
  • PGP HW
  • TCP/IP suite: what is MAC? Where is IPSec?
  • IPSec provides: authentication, confidentiality, key management
  • IPv4 / IPv6: header fields (really a 516 question)
  • Virtual Private Networks (VPN): explain how to use IPSec to build a VPN
  • Security Associations – what is one?
  • Transport mode vs tunnel mode
  • What is a mutable field?
  • What is authenticated? What is encrypted? In IPv4? In IPv6?

  8. Lecture 14 IP Security Again
  • Applications/benefits of IPSec
  • Encapsulating Security Payload (ESP): encryption, authentication
  • IPv4 packets, IPv6 packets
  • Security Associations
  • Tunneling
  • Combinations of SAs
  • Oakley
  • ISAKMP

  9. Lecture 15 Web Security: Secure Sockets Layer
  • Oakley example (fig 6.11)
  • ISAKMP: packet format and fields
  • ISAKMP exchanges: base exchange, identity protection exchange, authentication only, aggressive, informational only (one-way)
  • Security in the TCP/IP hierarchy: application layer; transport layer (SSL, TLS); network layer
  • SSL architecture: record protocol, record format, handshake protocol
  • TLS

  10. Lecture 16 Web Security SSL Again
  • PGP one more time: key distribution
  • SSL/TLS
  • SSL record services: confidentiality and message integrity
  • MAC calculation
  • Cipher Spec and Alert protocols
  • Handshake protocol: establish security capabilities (key exchange, CipherSpec); server authentication and key exchange; client authentication and key exchange; finish up
  • TLS
  • SET

  11. Lecture 17 SNMP
  • Simple Network Management Protocol: SNMP, SNMPv2, SNMPv3
  • SNMP: need, goals, management station, management agents
  • SNMP operations: GET/SET, TRAP
  • Management Information Base (MIB)
  • SNMP protocol: on top of UDP/IP
  • SNMP proxies
  • SNMPv2
  • SNMPv3
  • SNMPv3 architecture – manager, agents, message flow, modules
  • User Security Model (USM): message formats
  • Key localization
  • Access control (VACM)

  12. Lecture 18 SNMP Again
  • SNMP proxies
  • MIB objects
  • SNMPv3
  • PDU processing -> message processing -> UDP -> IP -> MAC
  • SNMP engine modules: dispatcher, message processing, security and access control subsystems
  • SNMP manager trace
  • SNMP agent trace
  • SNMPv3 terminology (table 8.2)
  • User Security Model (USM): message format, what it is designed for, what it is not designed for, USM timeliness mechanisms
  • View-Based Access Control (VACM)
  • Key localization
  • Intruders: Unix passwords

  13. Lecture 19 Intruders
  • Klein's password guessing research
  • Unix passwords: files, scheme, salt, DES, access control, shadow
  • Password selection strategies: computer generated, reactive, proactive password checking
  • Markov model, Bloom filters
  • Markov model: is this a bad password? Was it generated by the Markov model?
  • Bloom filters: design the hash scheme to minimize false positives
  • Malicious programs
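The proactive password checker behind the Bloom filter item above, as an added example that is not part of the course slides: a dictionary of weak passwords is hashed into an N-bit table by k hash functions, a candidate whose k bits are all set is rejected, and the false-positive formula is used to pick the k that minimizes it. The class and function names, the SHA-256-with-prefix construction of the k hashes, and the WEAK_WORDS list are assumptions made for this example.

```python
import hashlib
import math


class PasswordBloomFilter:
    """Proactive password checker: weak-password dictionary hashed into
    N bits by k hash functions. A candidate whose k bits are all set is
    rejected; rejections can be false positives, but a dictionary word
    is never missed. (Added example, not the course's own code.)"""

    def __init__(self, n_bits, k):
        self.n_bits = n_bits
        self.k = k
        self.bits = bytearray((n_bits + 7) // 8)
        self.n_words = 0

    def _positions(self, word):
        # k hash functions simulated as SHA-256 over k distinct one-byte prefixes.
        for i in range(self.k):
            h = hashlib.sha256(bytes([i]) + word.encode("utf-8")).digest()
            yield int.from_bytes(h[:8], "big") % self.n_bits

    def add(self, word):
        for p in self._positions(word):
            self.bits[p >> 3] |= 1 << (p & 7)
        self.n_words += 1

    def is_weak(self, word):
        # All k bits set => word is (probably) in the dictionary: reject it.
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(word))


def false_positive_rate(n_bits, k, n_words):
    """P = (1 - e^(-k*D/N))^k for D dictionary words, N bits, k hash functions."""
    return (1 - math.exp(-k * n_words / n_bits)) ** k


def optimal_hash_count(n_bits, n_words):
    """The k that minimizes P is (N/D) ln 2; rounded to a usable integer >= 1."""
    return max(1, round(n_bits / n_words * math.log(2)))


# Constructed weak-password dictionary for demonstration only.
WEAK_WORDS = ["password", "letmein", "qwerty", "123456", "gamecock"]


def build_checker(n_bits=4096, k=4):
    # A real dictionary would size k with optimal_hash_count(n_bits, len(dict)).
    bf = PasswordBloomFilter(n_bits, k)
    for w in WEAK_WORDS:
        bf.add(w)
    return bf
```

With 8192 bits and 1000 dictionary words the formula gives k = 6 and a false-positive rate near 2%, and both fewer and more hash functions make it worse.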

  15. Lecture 20 Intruders
  • Stages of network intrusion
  • Denning's audit records
  • Taxonomy of malicious programs
  • Viruses
  • Trusting Trust – Ken Thompson
  • Buffer overflows

  16. Lecture 21 Intrusion Detection Systems
  • Tools of the trade: reconnaissance, social engineering, port scanners, passive operating system identification
  • Information sources: SANS top 20; CERT (CMU), NIST, newsgroups
  • Physical security
  • Protocol review: IP, TCP, UDP, ARP, ICMP, HTTP, SMTP, SSH, SNMP, FTP
  • Spoofing attacks: ARP, IP, SMTP, DNS

  17. Lecture 22 Intrusion Detection Systems
  • Protocol review: IP, TCP, UDP, ARP
  • Spoofing attacks: ARP, IP, SMTP, DNS
  • GDB capabilities
  • IP spoofing attacks: raw sockets; blind spoofing – how?; preventing
  • ARP spoofing attacks: ARP cache, arp command
  • DNS spoofing, email spoofing
  • Firewall: packet filters, iptables
  • Chroot jails: jail implementation, User Mode Linux

  18. Lecture 23 Jails and Such
  • Network administration tools: ifconfig, netstat, /etc, /sbin
  • Firewall limitations
  • iptables: ipchains, netfilter, rules
  • Chroot jail implementation: chdir, chroot, exec("chRootedShell"), set user ID bit, adjust environment variables
  • User Mode Linux (the other UML): creates a virtual machine

  19. Lecture 24 Your Jail and HoneyNets
  • Gen II Honeynet vs honeypot
  • Honeynet bridge: eth0, eth1, eth2
  • Bridging kernel: avoids detection, logs interaction, provides data control
  • Detection: Tripwire
  • Data capture: Snort-inline, system loggers (comlog for Windows), keystroke logging

  20. Lecture 25 Data Control in HoneyNets
  • Access limiting with iptables
  • Connection limiting
  • rc.firewall

  21. Lecture 26 SSH and SSH Implementation
