
Data and Computer Communications

Data and Computer Communications, Chapter 24 – Computer and Network Security Techniques. Ninth Edition by William Stallings.


Presentation Transcript


  1. Data and Computer Communications
  Chapter 24 – Computer and Network Security Techniques
  Ninth Edition by William Stallings
  Data and Computer Communications, Ninth Edition by William Stallings, (c) Pearson Education - Prentice Hall, 2011

  2. Computer and Network Security Techniques
  To guard against the baneful influence exerted by strangers is therefore an elementary dictate of savage prudence. Hence before strangers are allowed to enter a district, or at least before they are permitted to mingle freely with the inhabitants, certain ceremonies are often performed by the natives of the country for the purpose of disarming the strangers of their magical powers, or of disinfecting, so to speak, the tainted atmosphere by which they are supposed to be surrounded.
  —The Golden Bough, Sir James George Frazer
  —The Art of War, Sun Tzu

  3. Virtual Private Networks and IPSEC
  • IPSEC provides three main facilities:
    • an authentication-only function called the Authentication Header (AH)
    • a combined authentication/encryption function called Encapsulating Security Payload (ESP)
    • key exchange functionality

  4. Transport & Tunnel Modes
  • ESP supports two modes of use:
    • Transport
      • provides protection for upper-layer protocols
      • typically used for end-to-end communication between two hosts
    • Tunnel
      • provides protection to the entire IP packet
      • used when at least one of the two ends is a security gateway

  5. ESP Encryption and Authentication

  6. Example of Tunnel Mode (figure: Host A, Host B, "IPSEC Processing Needed?", "Outer IP Header is Stripped")

  7. Key Management IPSEC key management involves the determination and distribution of secret keys.

  8. IPSEC and VPNs
  • there is a driving need for users and organizations to be able to:
    • secure their networks
    • receive traffic over the internet while still meeting the need to secure the network

  9. IPsec and VPNs

  10. Application layer security
  • SSL – Secure Sockets Layer
    • general purpose service designed to provide a reliable end-to-end secure service
    • set of protocols that relies on TCP
    • could be provided as part of the underlying protocol suite and transparent to applications
    • can be embedded in specific packages
  • TLS – Transport Layer Security
    • RFC 2246
    • basically an updated service from SSL that provides reliable end-to-end secure data transfer

  11. SSL Architecture

  12. (Two Important SSL Concepts)

  13. SSL Record Protocol (MAC = message authentication code)

  14. Change Cipher Spec Protocol (see Fig. 24.2 shown previously)
  • the simplest of the three SSL-specific protocols
  • makes use of the SSL Record Protocol
  • consists of a single message, which consists of a single byte with the value 1
  • sole purpose is to cause the pending state to be copied into the current state

  15. Alert and Handshake Protocols (see Fig. 24.2 shown previously)
  • Alert Protocol (e.g. incorrect MAC)
    • conveys SSL-related alerts to the peer entity
    • compressed and encrypted
  • Handshake Protocol
    • most complex part of SSL
    • allows server and client to authenticate
    • negotiates encryption and MAC algorithm as well as the keys
    • used before the transmission of any application data
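The following is an added example, not part of the slides or of Stallings' text, showing what slides 13 to 15 describe: the record layer computes a MAC over each fragment together with an implicit sequence number, and a receiver that cannot verify that MAC raises a bad_record_mac alert. The MAC input layout (sequence number, content type, version, length, fragment) follows RFC 2246, which the slides cite; the key, the record contents and the omission of compression and encryption are simplifications assumed for this illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample MAC write key; a real one is derived during the handshake.
MAC_KEY = b"\x11" * 20
CONTENT_APPLICATION_DATA = 23
TLS_VERSION = (3, 1)                   # TLS 1.0 as specified in RFC 2246
MAC_LEN = hashlib.sha1().digest_size   # 20 bytes for HMAC-SHA1


def record_mac(key, seq_num, content_type, version, fragment):
    """HMAC over seq_num || type || version || length || fragment (RFC 2246 layout)."""
    header = struct.pack("!QBBBH", seq_num, content_type,
                         version[0], version[1], len(fragment))
    return hmac.new(key, header + fragment, hashlib.sha1).digest()


class RecordSender:
    """Appends the MAC to each fragment; the 64-bit sequence number is never sent."""

    def __init__(self, key):
        self.key = key
        self.seq = 0

    def protect(self, fragment, content_type=CONTENT_APPLICATION_DATA):
        mac = record_mac(self.key, self.seq, content_type, TLS_VERSION, fragment)
        self.seq += 1
        return (content_type, TLS_VERSION, fragment + mac)


class RecordReceiver:
    """Recomputes the MAC with its own sequence counter; a mismatch is an alert."""

    def __init__(self, key):
        self.key = key
        self.seq = 0

    def unprotect(self, record):
        content_type, version, body = record
        fragment, mac = body[:-MAC_LEN], body[-MAC_LEN:]
        expected = record_mac(self.key, self.seq, content_type, version, fragment)
        if not hmac.compare_digest(mac, expected):
            # In a real session bad_record_mac is fatal and the connection closes;
            # here the counter is left unchanged so the demo can continue.
            return ("alert", "bad_record_mac")
        self.seq += 1
        return ("data", fragment)


def demo():
    """One good record, one tampered record, one replay, one in-order record."""
    sender, receiver = RecordSender(MAC_KEY), RecordReceiver(MAC_KEY)
    results = {}
    first = sender.protect(b"GET / HTTP/1.1")
    results["good"] = receiver.unprotect(first)

    second = sender.protect(b"Host: example.test")
    ctype, ver, body = second
    # Flip one bit of the fragment in transit: the MAC no longer verifies.
    tampered = (ctype, ver, bytes([body[0] ^ 0x01]) + body[1:])
    results["tampered"] = receiver.unprotect(tampered)

    # Replay the first record: its MAC covers sequence number 0, but the
    # receiver now expects 1, so the replay is rejected as well.
    results["replayed"] = receiver.unprotect(first)

    results["delivered"] = receiver.unprotect(second)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:10s} -> {outcome}")
```

Because the sequence number is part of the MAC input but never transmitted, the receiver's own counter is what makes a replayed or reordered record fail verification; the sender never has to send anything extra for that protection.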

  16. Wi-Fi Protected Access
  • Wi-Fi Protected Access is also known as WPA
  • is the Wi-Fi standard
  • a set of security mechanisms created to accelerate the introduction of strong security into WLANs

  17. WPA
  • based on the IEEE 802.11i standard
  • addresses 3 main security areas
  • requires the use of an Authentication Server (AS)
    • PSK (pre-shared key) does not require an AS
  • defines a more robust authentication protocol
  • supports AES with 128-bit keys and 104-bit RC4 encryption schemes

  18. 802.11i Operational Phases

  19. 3 Main Ingredients for WPA

  20. 802.11i Access Control

  21. Privacy with Message Integrity
  • IEEE 802.11i defines two schemes
  • both add a message integrity code (MIC) to the 802.11 MAC frame

  22. Intrusion Detection (RFC 2828)
  • Security Intrusion
    • a security event, or combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system without having authorization to do so
  • Intrusion Detection
    • a security service that monitors and analyzes system events for the purpose of finding, and providing real-time or near-real-time warning of, attempts to access system resources in an unauthorized manner

  23. Intrusion Detection (IDS)

  24. IDS Components

  25. Basic Principles of Countering Intrusions

  26. Intruder Behavior Profiling

  27. Host-Based IDS Techniques • can detect both external and internal intrusions.

  28. Firewalls
  • an integral part of an organization’s defense-in-depth strategy as well as an important complement to an organization’s IDS
  • typically thought of as perimeter protection (“defense in depth”)

  29. Firewall Characteristics
  • all traffic passes through the firewall
  • only authorized traffic is allowed to pass
  • the firewall itself is immune to penetration
    • assumes a hardened system with a secured operating system

  30. Firewall Control Access Techniques

  31. Firewall Limitations
  • cannot protect against attacks that bypass the firewall (e.g. a modem pool)
  • may not fully protect against internal threats
  • cannot guard against wireless communications between local systems on different sides of the internal firewall
  • cannot protect against mobile devices that plug directly into the internal network

  32. Types of Firewalls

  33. Types of Firewalls

  34. Packet-Filtering Examples

  35. Packet Filtering Firewalls
  • Advantages:
    • simplicity
    • transparent to users
    • very fast
  • Disadvantages:
    • cannot prevent attacks on application-specific vulnerabilities
    • do not support advanced user authentication schemes
    • vulnerable to attacks that take advantage of problems within TCP/IP
    • susceptible to security breaches caused by improper configurations

  36. Stateful Firewall Connection State Table
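As an added illustration of slides 34 to 36 (not code from the slides or from Stallings), the block below evaluates the same constructed rule set with a plain packet filter and with a stateful filter that keeps a connection state table. The policy, addresses and packets are all made up for the example: internal hosts may open web connections, the Internet may deliver mail to one internal host, everything else is denied. The point it makes is the one the slides make: a stateless filter has to hold a broad "reply" rule open to let return traffic in, and that rule also admits packets that belong to no connection, whereas the stateful table admits return traffic only for connections it saw being opened.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = arriving from the Internet, "out" = leaving the internal net
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False


# Constructed sample policy. Rules are evaluated top to bottom, first match wins,
# and anything unmatched is denied (the default-deny stance of slide 29).
BASE_RULES = [
    {"direction": "out", "proto": "tcp", "dport": 80, "action": "permit"},
    {"direction": "in", "proto": "tcp", "dst": "10.0.0.25", "dport": 25, "action": "permit"},
]

# A stateless filter cannot remember that a web request went out, so it needs an
# extra rule letting "replies" (source port 80, ACK set) back in to any port.
STATELESS_RULES = BASE_RULES + [
    {"direction": "in", "proto": "tcp", "sport": 80, "ack": True, "action": "permit"},
]


def rule_matches(rule, pkt):
    """A rule matches when every field it names equals the packet's field."""
    return all(getattr(pkt, field) == want
               for field, want in rule.items() if field != "action")


def stateless_decide(pkt, rules):
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule["action"]
    return "deny"


class StatefulFilter:
    """Packet filter with a connection state table keyed on the TCP 4-tuple."""

    def __init__(self, rules):
        self.rules = rules
        self.table = set()

    def decide(self, pkt):
        if pkt.proto != "tcp":
            return "deny"
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if forward in self.table or reverse in self.table:
            return "permit"          # belongs to a connection we saw being opened
        if pkt.syn and not pkt.ack:  # new connection: consult the rule table
            action = stateless_decide(pkt, self.rules)
            if action == "permit":
                self.table.add(forward)
            return action
        return "deny"                # mid-stream packet for an unknown connection


def run_demo():
    """Constructed packet sequence; returns (label, stateless verdict, stateful verdict)."""
    stateful = StatefulFilter(BASE_RULES)
    samples = [
        ("outbound SYN to web server",
         Packet("out", "tcp", "10.0.0.5", 40001, "198.51.100.7", 80, syn=True)),
        ("SYN/ACK reply from web server",
         Packet("in", "tcp", "198.51.100.7", 80, "10.0.0.5", 40001, syn=True, ack=True)),
        ("unsolicited ACK from port 80 to port 445",
         Packet("in", "tcp", "203.0.113.9", 80, "10.0.0.5", 445, ack=True)),
        ("inbound SYN to mail host port 25",
         Packet("in", "tcp", "203.0.113.50", 51000, "10.0.0.25", 25, syn=True)),
    ]
    return [(label, stateless_decide(pkt, STATELESS_RULES), stateful.decide(pkt))
            for label, pkt in samples]


if __name__ == "__main__":
    for label, stateless, stateful in run_demo():
        print(f"{label:42s} stateless={stateless:6s} stateful={stateful}")
```

The third packet is the one to look at: the stateless filter permits it because it looks like a web reply, while the stateful filter denies it because no connection to that destination port was ever opened from inside. That gap is the "improper configuration" and "problems within TCP/IP" weakness of slide 35 in concrete form.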

  37. Application-Level Gateway
  • also called an application proxy; acts as a relay of application-level traffic
  • tends to be more secure than packet filters
  • easy to log and audit all incoming traffic
  • Disadvantage:
    • additional processing overhead on each connection

  38. Circuit-Level Gateway
  • circuit-level proxy
  • stand-alone system or function performed by an application-level gateway
  • sets up two TCP connections
  • security function consists of determining which connections will be allowed
  • used where the system administrator trusts the internal users

  39. Malware Defense
  • Prevention is the primary goal for malware defense. However, when prevention is not possible we want to:
    • Detect
    • Identify
    • Remove
  • Anti-virus software is designed to do all of the above

  40. Anti-Virus Generic Decryption (GD)
  • GD is technology that enables anti-virus programs to detect even the most complex polymorphic viruses.

  41. Digital Immune System

  42. Behavior-Blocking Software • integrates with the operating system of a host computer and monitors program behavior in real time.

  43. Behavior Blocking

  44. Worm Countermeasures

  45. 6 Classes of Worm Defense
  • Signature-based scanning & filtering
  • Filter-based containment
  • Payload-classification-based worm containment
  • Threshold Random Walk (TRW) scan detection
  • Rate limiting
  • Rate halting
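Threshold Random Walk scan detection, the fourth class on slide 45, is the one that lends itself to a short worked example. The block below is added here and is not code from the slides or from Stallings; it implements TRW as described by Jung, Paxson, Berger and Balakrishnan (2004): each remote source gets a random walk that steps up on failed first-contact connections and down on successful ones, with the step sizes and thresholds derived from a sequential hypothesis test. The parameter values (theta0 = 0.8, theta1 = 0.2, alpha = 0.01, beta = 0.99) are the paper's defaults, and the connection log, its line format and the addresses are constructed for the example. Keying first contacts on host:port rather than on host alone is also a simplification of this example.

```python
import math


class TRWDetector:
    """Threshold Random Walk scan detector, one walk per remote source.

    Working in log space makes the likelihood ratio additive: every failed
    first-contact connection adds log((1-theta1)/(1-theta0)), every successful
    one adds log(theta1/theta0). Crossing eta1 declares a scanner, crossing
    eta0 declares a benign host, and the verdict is then frozen.
    """

    def __init__(self, theta0=0.8, theta1=0.2, alpha=0.01, beta=0.99):
        # theta0 / theta1: probability a first-contact connection succeeds for a
        # benign host / a scanner; alpha: tolerated false-positive rate;
        # beta: desired detection rate.
        self.eta1 = math.log(beta / alpha)                    # upper bound -> scanner
        self.eta0 = math.log((1 - beta) / (1 - alpha))        # lower bound -> benign
        self.step_fail = math.log((1 - theta1) / (1 - theta0))  # +log 4 per failure
        self.step_success = math.log(theta1 / theta0)           # -log 4 per success
        self.walks = {}
        self.contacted = {}
        self.verdicts = {}

    def observe(self, src, dst, success):
        """Feed one connection outcome; returns 'pending', 'scanner' or 'benign'."""
        if src in self.verdicts:
            return self.verdicts[src]
        seen = self.contacted.setdefault(src, set())
        if dst in seen:
            return "pending"  # only the first contact with each destination counts
        seen.add(dst)
        step = self.step_success if success else self.step_fail
        self.walks[src] = self.walks.get(src, 0.0) + step
        if self.walks[src] >= self.eta1:
            self.verdicts[src] = "scanner"
        elif self.walks[src] <= self.eta0:
            self.verdicts[src] = "benign"
        return self.verdicts.get(src, "pending")


# Constructed connection log, one line per attempt: "<src> -> <dst>:<port> <OK|FAIL>"
SAMPLE_LOG = """\
203.0.113.9 -> 10.0.0.1:22 FAIL
203.0.113.9 -> 10.0.0.2:22 FAIL
198.51.100.4 -> 10.0.0.25:25 OK
203.0.113.9 -> 10.0.0.3:22 FAIL
192.0.2.77 -> 10.0.0.40:80 FAIL
192.0.2.77 -> 10.0.0.41:80 OK
203.0.113.9 -> 10.0.0.4:22 FAIL
203.0.113.9 -> 10.0.0.5:22 FAIL
198.51.100.4 -> 10.0.0.26:25 OK
198.51.100.4 -> 10.0.0.27:25 OK
198.51.100.4 -> 10.0.0.27:25 OK
198.51.100.4 -> 10.0.0.28:25 OK
192.0.2.77 -> 10.0.0.42:80 FAIL
192.0.2.77 -> 10.0.0.43:80 OK
"""


def parse_line(line):
    """'src -> dst:port OK|FAIL' -> (src, 'dst:port', succeeded)."""
    src, _, rest = line.split(" ", 2)
    dst, outcome = rest.rsplit(" ", 1)
    return src, dst, outcome == "OK"


def run_detector(log=SAMPLE_LOG):
    """Replay the log through one detector; return the final verdict per source."""
    det = TRWDetector()
    for line in log.splitlines():
        if line.strip():
            det.observe(*parse_line(line))
    return {src: det.verdicts.get(src, "pending") for src in det.contacted}


if __name__ == "__main__":
    for src, verdict in run_detector().items():
        print(f"{src:14s} {verdict}")
```

With the default parameters the upper threshold is log 99 and each failure adds log 4, so a source is flagged after its fourth consecutive failed first contact, while a host whose first contacts keep succeeding is cleared after four successes; a source with mixed outcomes stays pending, which is why TRW needs far fewer observations than a fixed "N failures per minute" rule to separate scanners from busy but legitimate hosts.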

  46. Summary
  • VPNs and IPsec
    • transport and tunnel modes
  • SSL and TLS
    • architecture and protocol
  • Wi-Fi Protected Access
    • access control and privacy
  • Intrusion detection
  • Firewalls
    • characteristics and types
  • Malware defense
    • worm countermeasures
