Download Network Security

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
Document related concepts

Unix security wikipedia , lookup

Post-quantum cryptography wikipedia , lookup

Deep packet inspection wikipedia , lookup

Distributed firewall wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Cyberwarfare wikipedia , lookup

Airport security wikipedia , lookup

Cyberattack wikipedia , lookup

Wireless security wikipedia , lookup

Information security wikipedia , lookup

Cyber-security regulation wikipedia , lookup

Computer and network surveillance wikipedia , lookup

International cybercrime wikipedia , lookup

Security-focused operating system wikipedia , lookup

Mobile security wikipedia , lookup

Computer security wikipedia , lookup

Cybercrime countermeasures wikipedia , lookup

Transcript 
Introduction to
Network Security
Spring 2011
1
Outline
•
•
•
•
•
•
•
Introduction
Attacks, services and mechanisms
Security threats and attacks
Security services
Methods of Defense
A model for Internetwork Security
Internet standards and RFCs
2
Introduction
Goal
Information
Security
Services
Computer
Security
Automated tools
for protecting info
on the computer
Network
Security
Measures to protect
data during their
transmission on the network
3
Security Trends
DDoS
to
DNS
2003
BotNet
Attack
2009
4
Hacking
• Attack using the vulnerability of protocol
– DoS
– Sniffing
– Session Hijacking
– Spoofing
•
Malicious code
John Draper, Phone hacker
– Virus
– Trojan horse
– Back door
– Worm
5
Virus and Worm
• What is Virus?
– Self-replicating code
– Inserts itself into other executable code
– Contains a malicious function, called payload (can be
empty)
– Native code which infects executable files
– Distribution by Email and File sharing
– Often requires a trigger from a user
• e.g. execute infected application
– Virus is often used as a collective term for malware
6
Trojan Horse
• A destructive program that masquerades as
a benign application. Unlike viruses, Trojan
horses do not replicate themselves but they
can be just as destructive.
– A Trojan horse can be deliberately attached to
otherwise useful software by a cracker, or it can
be spread by tricking users into believing that it
is a useful program.
• The term comes from the a Greek story of
the Trojan War : between Greek and Troy
7
Virus and Worm
• What is Worm?
– First Internet worm in 1988
– Different to a virus
•
•
•
•
Stand-alone program
Does not infect an application
Spreads itself through the network automatically
Usually spread much faster than viruses
– Worms often use exploits to propagate
• SQL Slammer – MS SQL Server
• Slapper - Apache/Mod-SSL
• Code Red – MS Internet Information Server
8
Attacks, Services and
Mechanisms
• Security Attack: Any action that
compromises the security of information.
• Security Mechanism: A mechanism that is
designed to detect, prevent, or recover from a
security attack.
• Security Service: A service that enhances
the security of data processing systems and
information transfers. A security service
makes use of one or more security mechanisms.
9
Security Threats & Attacks
• Threats
• A possible danger that might exploit a
vulnerability given a Circumstance,
Capability, action, or event to breach
security and cause harm
• Attacks
• An assault on system security that derives
from an intelligent threat
10
Security Threats
11
Security Threats
• Interruption: This is a threat on availability
• Interception: This is a threat on
confidentiality
• Modification: This is a threat on integrity
• Fabrication: This is a threat on authenticity
12
Security Attacks
•
Passive Attack : Attempts to learn or make use of
information from the system, but no affect on
system resources
- Release of message contents
- Traffic analysis
•
Active Attack : Attempts to data system resources or
affect their operations
- Masquerade
- Replay
- Modification of message
- Denial of service : 2003.1.25 Internet Chaos,
2007.7.7/ 2011.3.3 DDoS Attack
13
Release of Message Contents
Sensitive or confidential info needs to be prevented
from an opponent who will learn the contents of the
there transmissions
Darth
Bob
Read contents of
message from Bob
to Alice
Internet or
other comms facility
Alice
14
Traffic Analysis
If the contents of msgs are masked or protected by
encryption, and opponent might still be able to observe
the pattern of msgs,
• such as source and dest of communicating hosts,
• frequency and length of msgs being exchanged.
Darth
Bob
Observe pattern of
messages from Bob
to Alice
Internet or
other communications
facility
Alice
15
Masquerade
• Taking place when one entity pretends to be a different entity
• Enabling an authorized entity with few privileges to obtain
extra privileges by impersonating an entity that has those
privileges.
Darth
Bob
Read contents of
message from
Bob to Alice
Internet or
other comms facility
Alice
16
Replay attack
The passive capture of a data unit and its subsequent
retransmission to produce an unauthorized effect.
Darth
Bob
Capture message from
Bob to Alice; later
replay message to Alice
Internet or
other comms facility
Alice
17
Modification of Message
Some portion of legitimate msg altered, delayed, or
reordered to produce an unauthorized effect.
Darth
Darth modifies
message from Bob
to Alice
Internet or
other comms facility
Bob
Alice
18
Denial of Service
The normal use of communications facilities
prevented or inhibited, such as
• Suppressing all msgs directed to a particular
dest.
• The disruption of an entire network by disabling
the network
• The degradation of performance by overloading
it with msgs
19
An Architecture of DDoS
Attack
Daemon
Master
Daemon
Daemon
Daemon
Daemon
Victim
Real Attacker
20
Security Service
• A service that is provided by a protocol
layer of communicating open system and that
ensures adequate security of the systems or
of data transfer
• Security services implement security policies
and are implemented by security mechanisms
• Classification of the services
– Authentication
– Access control
– Data confidentiality
- Data Integrity
- Nonrepudiation
- Availability
21
Authentication
• This service is concerned with assuring that a communication is
authentic
• Data origin authentication (in the case of a single message)
– The function of the authentication service is to assure the
recipient that the message is from the original source.
– No service on duplication or modification.
• Peer entity authentication (in a connection-oriented
transmission i.e TCP)
– At the time of connection initiation, the service assures
that the two entities are authentic
– On the way of transmissions, the service assures that the
connection is not interfered by a third party to masquerade
22
as one of the entities.
Access Control
• The prevention of unauthorised use of a
resource
• In the context of network security, this
service is the ability to limit and control the
access to host systems and applications via
communications links.
• Each entity must be identified or
authenticated then, access rights can be
tailored to the individual.
23
Data Confidentiality
• The protection of transmitted data from passive
attacks.
• Types of data confidentiality
–
–
–
–
Connection confidentiality (all user data on a connection)
Connectionless confidentiality (all user data in a single msg.)
Selective field confidentiality (specific fields within a use data)
Traffic-flow confidentiality (information for traffic flow)
24
Data Integrity
• To provide the assurance that the received data are
exactly the same as the data transmitted by an
authorised entity.
※ no modification, insertion, deletion, or replay
• A connection-oriented / connectionless integrity service
– Connection-oriented : deals with a stream of
messages & assures no duplication, alteration, or
replays on the messages.
– Connectionless : deals with individual messages & may
provide protection on data modification
• Integrity service with / without recovery
– The automated recovery mechanism is more
attractive.
25
Nonrepudiation
• To prevent either sender or receiver
from denying a transmitted message.
– Origin (sender): Proof that the message
was sent by the specified party.
– Destination (receiver): Proof that the
message was received by the specified
party.
26
Availability
• Provides the normal use of a system or
system resource
• Addresses the security concerns raised
by denial-of-service attack.
27
Security Mechanisms
• Specific Security Mechanisms
– Implemented in a specific protocol layer.
• Pervasive Security Mechanisms
– Not specific to any particular protocol
layer or security service.
28
A Model for Network Security
Secret
information
Security-related
transformation
Message
Information
channel
Secure
Message
Security-related
transformation
Secure
Message
Message
Trusted third party
(e.g., arbiter, distributer
of secret information)
Secret
information
Opponent
29
30
Methods of Defence
• Encryption
• Software Controls (access limitations
in a data base, in operating system
protect each user from other users)
• Hardware Controls (smartcard)
• Policies (frequent changes of
passwords)
• Physical Controls
31
Internet standards and
RFCs
• The Internet society
– Internet Architecture Board (IAB)
– Internet Engineering Task Force (IETF)
– Internet Engineering Steering Group
(IESG)
32
Internet RFC Publication
Process
Internet
Draft
Proposed
Standard
Best current
Practice
Experimental
Informational
Draft
Standard
Internet
Standard
Historic
33
Summary
• We deals with
– security trends
– Security attacks such as passive attacks and active
attacks
– Security services such as authentication, access
control, data confidentiality, data integrity,
nonrepudiation and availability service
– A model for network security including
Opponent, Access Channel, Gatekeeper Function
and Information System
34
Outline of the Course
• This chapter serves as an introduction to the entire course. The
remainder of the book is organized into three parts:
• Part One : Provides a concise survey of the cryptographic
algorithms and protocols underlying network security
applications, including encryption, hash functions, digital
signatures, and key exchange.
• Part Two : Examines the use of cryptographic algorithms and
security protocols to provide security over networks and the
Internet. Topics covered include user authentication, e-mail, IP
security, and Web security.
• Part Three : Deals with security facilities designed to protect a
computer system from security threats, including intruders,
viruses, and worms. This part also looks at firewall technology.
35
Related documents
Network Security
Network Security
Information Security - National University of Sciences and
Information Security - National University of Sciences and
module4.1
module4.1
William Stallings, Cryptography and Network Security 5/e
William Stallings, Cryptography and Network Security 5/e
Problem: Alice and Bob play the following number game. Alice
Problem: Alice and Bob play the following number game. Alice
2012 Prelim Paper
2012 Prelim Paper
Real-time security
Real-time security
Lecture 1 - WordPress.com
Lecture 1 - WordPress.com
Distributed Denial of Service (DDoS)
Distributed Denial of Service (DDoS)
Tutorial 3 Selected Answers Question 13
Tutorial 3 Selected Answers Question 13
Introduction to network security
Introduction to network security
VeriSign: Enable everyone, everywhere to use the Internet with
VeriSign: Enable everyone, everywhere to use the Internet with