@Yuan Xue CS 285 Network Security Fall 2012 Yuan Xue.



Outline
- Security Overview
- Cryptography
- Symmetric cipher

Security Overview – Quick Review
Requirements - Security Triad
- Confidentiality
- Integrity
- Availability

Where does the problem come from? - Security Vulnerability, Threat and Attack
- Vulnerability: an aspect of the system that permits attackers to mount a successful attack, sometimes also called a “security hole”.
- Weakness: a potential vulnerability whose risk is not clear. Sometimes several weaknesses might combine to yield a full-fledged vulnerability.
- Threat: a circumstance or scenario with the potential to exploit a vulnerability and cause harm to a system.
- Attack: a deliberate attempt to breach system security. Note that not all attacks are successful.
An attack usually refers to a specific action. A threat refers to a broader class of ways that things could go wrong.
Attacks are usually classified into two types:
- A passive attack does not result in a change to the system, and attempts to break the system solely based upon observed data.
- An active attack, on the other hand, involves modifying, replaying, inserting, deleting, or blocking data.

Network Threats
Attacks against confidentiality
- Eavesdropping
- Traffic flow analysis

Network Threats
Attacks against integrity

Network Threats
Attacks against availability
- Denial of service

What are the solutions? - Security Mechanisms
Network Security
  Cryptographic Approach
  - Encryption
  - Data integrity protection & Digital Signature
  - Authentication
  Network Approach
  - Traffic control
  System Approach
  - Intrusion detection systems
  - Firewall
System Security
- Authentication
- Access Control (Authorization)
- Multi-level Security
Program Security
- Programming frameworks
- Strong typing system

An Example
Two models to protect files on your disk
- Encryption
- Access control

OSI Security Architecture
X.800 “Security Architecture for OSI”
- Defines a systematic way of defining and providing security requirements
- Provides a useful abstract overview of the security concepts
  - Security Attacks
  - Security Mechanisms
  - Security Services

Security Mechanism and Service
Security Mechanism
- A mechanism that is designed to detect, prevent, or recover from a security attack.
- More than a particular algorithm or protocol
- Specific mechanisms: encryption, integrity protection, digital signature, notarization, authentication exchange, access control, traffic padding, routing control
- Pervasive mechanisms: trusted functionality, security labels, event detection, security audit trails, security recovery
Security Service (X.800)
- A service that is provided by a protocol layer that ensures adequate security of the systems or data transfers.
- Authentication
- Access Control
- Data Confidentiality: connection / connectionless / selective field / traffic flow
- Data Integrity: connection / connectionless / selective field / with or without recovery
- Non-Repudiation: source / destination
Implementation / Placement
- Physical / logical

Relationship Between Security Service and Security Mechanisms

Challenges of Computer Security
- Requirements are straightforward
- Mechanisms used to meet these requirements can be quite complex
- Principle of Easiest Penetration
  - An intruder is expected to use any available means of penetration.
  - Computer security specialists must consider all possible means of penetration.
- Integration of security design with system design
- Tension between usability/utility and security/privacy

Why do many solutions fail?
- Protect the wrong things
- Protect the right things in the wrong way

Issues that will be addressed in this class

Network Security Issues
From a Computer to Internet
- Single computer
- Networking environment
  - Secure communication in a public environment
  - Computer system security with remote access
[Figure: Internet protocol stacks; labels: Link, IP, TCP/UDP, Application, Internet, Network Security]

[Figure: protocol stack diagram with layers Application, Transport, Network, Link; labels include HTTP, HTTPS, SMTP, FTP, PGP, SSL, TCP, UDP, IPSec (transport mode), WPA/WPA2, MAC]

Web Security In A Picture
[Figure: Web Browser (client side script, HTTP, SSL, TCP) and Web Server (server side script, database, password file, HTTPS, SSL, TCP)]
- SSL: authentication via X.509 certificate
- HTTP authentication: user + password in HTML FORM

How to study network security?
Learning methodology
- Examine all possible vulnerabilities of the system
- Consider available countermeasures

Readings
- Required Reading: [WS] Chapter 1
- Additional Reading: [MB]