Download Chapter 19

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
Document related concepts

Information security wikipedia , lookup

Airport security wikipedia , lookup

Cryptanalysis wikipedia , lookup

Next-Generation Secure Computing Base wikipedia , lookup

Computer virus wikipedia , lookup

Project 25 wikipedia , lookup

Access control wikipedia , lookup

Cyber-security regulation wikipedia , lookup

Authentication wikipedia , lookup

Web of trust wikipedia , lookup

Cryptography wikipedia , lookup

Electronic authentication wikipedia , lookup

Deep packet inspection wikipedia , lookup

Diffie–Hellman key exchange wikipedia , lookup

Security and safety features new to Windows Vista wikipedia , lookup

History of cryptography wikipedia , lookup

Post-quantum cryptography wikipedia , lookup

Unix security wikipedia , lookup

Computer security wikipedia , lookup

Wireless security wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Mobile security wikipedia , lookup

3-D Secure wikipedia , lookup

Security-focused operating system wikipedia , lookup

Distributed firewall wikipedia , lookup

Secure multi-party computation wikipedia , lookup

Cybercrime countermeasures wikipedia , lookup

Transcript 
Chapter 19:
Computer and Network Security
Techniques
Business Data Communications, 6e
IPSec Functions
• Authentication Header (AH)
• Encapsulating Security Payload (ESP)
• Key exchange
2
ESP Transport and Tunnel Mode
• Transport mode: provides protection
primarily for upper-layer protocols.
Typically used for end-to-end
communications between two hosts.
Payload is encrytped but not the header.
• Tunnel mode: provides protection for the
entire IP packet. The entire packet is
placed within a new outer IP packet. Used
when one destination is a security gateway. 3
Scope of ESP Encryption and
Authentication
4
Key Management
• Manual: system administrator manually
configures each system with its own keys
and with the keys of other communicating
systems.
• Automatic: An automated system enables
the on-demand creation of keys and
facilitates the use of keys. Used in large
system configurations.
5
Advantages of IPSec
• Provides managers with a standard means
of implementing security for VPNs.
• Encryption and authentication algorithms
and security protocols are well studied.
• Users can be confident that IPSec provides
strong security.
• Can be implemented in firewalls and
routers owned by the organization, giving
network managers control over security.
6
SSL Architecture
• Provides reliable end-to-end secure service.
• Uses two layers of protocols.
• SSL Record Protocol provides basic security
services to higher layer protocols such as HTTP
• SSL includes:
-Handshake Protocol
-Change Cipher Spec Protocol
-Alert Protocol
7
SSL Protocol Stack
8
Key SSL Concepts
• Connection: a transport that provides a
suitable type of service. Every connection
is associated with one session.
• Session: an association between client and
server. Defien a set of sryptographic
security parameters which can be sharedby
multiple connections.
9
SSL Record Protocol Operation
10
SSL Protocols
• Change Cipher Spec Protocol: simplest
protocol, consists of a single byte with a
value of 1; causes the pending state to be
copied into the current state.
• Alert Protocol: used to convey SSL
related alerts to the peer entity. Each
message consisst of 2 bytes; the first
denotes a warning or fatal error.
11
Handshake Protocol
• The most complex part of SSL.
• Allows for servers and clients to
authenticate each other, negotiate an
encryption and MAC algorithm and
cryptographic keys to protect data.
• Used before any application data is
transmitted.
12
Handshake Protocol Phases
• Phase 1: Initiates logical connection
• Phase 2: passes certificate, additional key
information and request for client certificate.
Also passes server-done message.
• Phase 3: client sends message to server
depending on underlying public-key scheme.
• Phase 4: completes setting up the secure
connection.
13
802.11i Operational Phases
14
802.11i Architecture
• Authentication: protocol used to define an
exchange between a user and an AS
• Access control: function that enforces the use of
the authentication function, routes messages
properly and facilitates key exchange.
• Privacy with message integrity: MAC-level
data are encrypted along with a message integrity
code that ensures that the data have not been
altered.
15
802.11i Access Control
16
Intrusion Detection
• Security Intrusion: a security event, or a combination of
multiple security events, that constitutes a security incident in which
an intruder gains, or attempts to gain, access to a system (or system
resource) without having authorization to do so.
• Intrusion Detection: A security service that monitors and
analyzes system events for the purpose of finding and providing realtime or near-real-time warning of, attempts to access system
resources in an unauthorized manner.
• Intrusion Detection System Classification:
-Host-based IDS
-Network-based IDS
17
IDS Logical Components
• Sensors
• Analyzers
• User Interface
18
Approaches to Host-Based IDSs
• Anomaly Detection: involves the collection
of data relating to the behavior of legitimate users
over time.
-Threshold Detection
-Profile based
• Signature Detection: involves an attempt to
define a set of rules or attack patterns that can be
used to decide an intruders behavior.
19
Firewalls
• Provides an additional layer of defense
between internal systems and external
networks
• Firewalls use four techniques:
-Service Control
-Direction Control
-User Control
-Behavior Control
20
Firewall Capabilities
• Defines a single choke point that keeps
unauthorized users out of the protected
network.
• Provides a location for monitoring
security-related events.
• Provides a platform for several Internet
functions.
• Serves as a platform for IPSec.
21
Firewall Limitations
• Cannot protect against attacks that bypass
the firewall.
• May not protect against all internal threats.
• A wireless LAN may be accessed from
outside.
• A client (Laptop, PDA, portable storage
device, etc) may be infected outside and
then attached internally
22
Firewall Types
23
Antivirus Approaches
• Prevention: Do not all the virus to get into the
system.
• Detection: Once infection has occurred,
determine that it has occurred and locate the
virus.
• Identification: Once detection has been
achieved, identify the specific virus that has
infected a program.
• Removal: Remove all traces of the virus and
restore the program to its original state.
24
Generic Decryption
• Enables antivirus programs to detect
complex polymorphic viruses.
• Generic Decryption elements:
-CPU emulator
-Virus signature scanner
-Emulation control module
• The most difficult design issue is to
determine how long to run the scanner.
25
Digital Immune System
• Developed first by IBM, then refined by
Symantec.
• Provides a general purpose emulation and
virus detection system.
• Detects new viruses, analyze them, adds
detection and shielding for it, removes it
and passes information on about that virus
to other systems.
26
Digital Immune System
27
Behavior Backbone Software
• Integrates with the operating system and
monitors program behavior in real-time for
malicious actions.
• Blocks potentially malicious actions.
• Suspicious software is also blocked.
28
Behavior-Blocking Software
Operation
29
Requirements for Worm
Countermeasures
•
•
•
•
•
•
Generality
Timeliness
Resiliency
Minimal denial-of-service costs
Transparency
Global and local coverage
30
Classes of Worm Defense
• Signature-based worm scan filtering
• Filter-based worm containment
• Payload-classification-based worm
containment
• Threshold random walk (TRW) scan
detection
• Rate limiting
• Rate halting
31
Related documents
Panel: Security and the World Wide Web
Panel: Security and the World Wide Web
Chapter 24 - William Stallings, Data and Computer
Chapter 24 - William Stallings, Data and Computer
Britestream Applied: Check Point NGX Web Intelligence Accelerator
Britestream Applied: Check Point NGX Web Intelligence Accelerator
Security Issues: The RAL experience
Security Issues: The RAL experience
Ch_32 - UCF EECS
Ch_32 - UCF EECS
Slides for lecture 26
Slides for lecture 26
Secure Mobility - Grand Rapids ISSA
Secure Mobility - Grand Rapids ISSA
Electronic Payment Systems
Electronic Payment Systems
Slide 1
Slide 1
Net+ Chapter 1
Net+ Chapter 1
VPNs, PKIs, ISSs, SSLs with narration
VPNs, PKIs, ISSs, SSLs with narration
CMSC 414 Computer (and Network) Security
CMSC 414 Computer (and Network) Security
Protocol Overview
Protocol Overview
Security Without End Always-on SSL Protects Users with Persistent
Security Without End Always-on SSL Protects Users with Persistent
document
document
what are the three "core/key skills"?
what are the three "core/key skills"?
Protocol Overview
Protocol Overview
Programme Name> - Uka Tarsadia University
Programme Name> - Uka Tarsadia University
Hardware Building Blocks and Encoding
Hardware Building Blocks and Encoding
SSL and IPSec
SSL and IPSec
The Design and Implementation of a SSL Proxy
The Design and Implementation of a SSL Proxy
BLUE COAT TECHNOLOGY PARTNER: LOGRHYTHM
BLUE COAT TECHNOLOGY PARTNER: LOGRHYTHM