Computer security: certification

Slides:



Advertisements
Similar presentations
Enabling Secure Internet Access with ISA Server
Advertisements

Troubleshooting using HTTP Headers
DEV034 -Web Applications, Introduction
Local Wireless Network - An wireless Access Point (AP) which is the bridge the ethernet network and the wireless network -The AP protect its wireless network.
Introduction to the Internet September 7, 2005 Lecture 1.
Skills: none Concepts: protocol, hypertext transfer protocol, standard This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike.
Embracing the chaos mark lorenc
CSC 2720 Building Web Applications Servlet – Getting and Setting HTTP Headers.
Copyright (c) 2011, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 Stopping Next-Gen Threats Dan Walters – Sr. Systems Engineer Mgr.
Presenter, Sai Krishna.  Introduction to session management  Ways of doing session management  Creating and Handling cookies  Problems with User sessions.
Web Architecture Dr. Frank McCown Intro to Web Science Harding University This work is licensed under a Creative Commons Attribution-NonCommercial- ShareAlike.
Basic Network Services IMT 546 – Lab 4 December 4, 2004 Agueda Sánchez Shannon Layden Peyman Tajbakhsh.
表單 (Form)
1 Introductory material. This module illustrates the interactions of the protocols of the TCP/IP protocol suite with the help of an example. The example.
Application Layer Khondaker Abdullah-Al-Mamun Lecturer, CSE Instructor, CNAP AUST.
NETWORK HARDWARE AND SOFTWARE MR ROSS UNIT 3 IT APPLICATIONS.
HTTP How the Internet servers and clients communicate.
Computer security: certification Frans Kaashoek Spring 2007.
PHP Security Ryan Dunn Jason Pack. Outline PHP Overview PHP Overview Common Security Issues Common Security Issues Advanced Security Issues Advanced Security.
SESSION AND COOKIE MANAGEMENT IN.NET. Topics Covered Introduction to session management Ways of doing session management Creating and Handling cookies.
表單 (Form). … Ex. … method  method="get"  URL:  HTTP message entity: none  不可超過 256 個字元  method="post"
DEV336. demo HTTP Packet Trace GET / HTTP/1.1 Accept: text/html, application/xhtml+xml, */* Accept-Language: en-US User-Agent: Mozilla/5.0 (compatible;
Unit 2 Personal Cyber Security and Social Engineering Part 2.
“My Company's Intellectual Property Went to China and All I Got Was This Lousy Pink Slip” Defending Against Data-Exfiltrating Malware Joe Stewart, GCIH.
6.033 Lecture 24 Protocols and Authorization Nickolai Zeldovich Spring 2009.
Firewalls Definition: Device that interconnects two or more networks and manages the network traffic between those interfaces. Maybe used to: Protect a.
Unique Number Parameter
Random Number Parameter
(Hypertext Transfer Protocols Headers)
5/7/2018 Java Security and a Firewall Extension for Authenticity Control of Java Applets.
Configuring ALSMS Remote Navigation
Beginning XML 4th Edition.
Enabling Secure Internet Access with TMG
HTTP – An overview.
Hypertext Transfer Protocol
EMBEDDED WEB TECHNOLOGY
Lecture 5. Security Threats
Module 8: Securing Network Traffic by Using IPSec and Certificates
Internet Services I November 23, 1999
Random String Parameter
Introduction Web Environments
Debugging Your Website with Fiddler and Chrome Developer Tools
Troubleshooting IP Communications
IE.
Configuring TMG as a Firewall
TCP/IP Networking An Example
HTTP Protocol.
Dominik Pinter, CMS.IO, Authentication Dominik Pinter,
Date Time Parameter.
Internet Protocol Mr. Paulk.
HTTP request message two types of HTTP messages: request, response
Privacy Protecting Technologies
CS320 Web and Internet Programming Cookies and Session Tracking
Networking INFO/CSE 100, Spring 2006 Fluency in Information Technology
Multiwavelets for Quantitative Pattern Matching Bruce Kessler Western Kentucky University Hawaiian International Conference on System Sciences Decision.
HTTP Request Method URL Protocol Version GET /index.html HTTP/1.1
CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9
Uniform Resource Locators (URLs)
CS3220 Web and Internet Programming Cookies and Session Tracking
Distributed Systems - Comp 655
Module 8: Securing Network Traffic by Using IPSec and Certificates
CS3220 Web and Internet Programming Handling HTTP Requests
CDK: Chapter 7 TvS: Chapter 9
Kevin Harville Source: Webmaster in a Nutshell, O'Rielly Books
The Application Layer: HTTP
Web Access Authentication
CS3220 Web and Internet Programming Cookies and Session Tracking
Unit 8 Network Security.
Uniform Resource Locators (URLs)
CSCI-351 Data communication and Networks
Presentation transcript:

Computer security: certification 6.033 Spring 2007

How confidential is traffic in this lecture room? sudo tcpdump -s 0 -Ai en1 Complete trace of all packets on wirelessc3d4 c3d4 a1b2 0002 0004 0000 0000 You shouldn’t do this Example: 13:57:53.794429 IP 18.188.69.36.mdns > 224.0.0.251.mdns: 0 [4a] [4q] SRV? Ben’s music._daap._tcp.local. TXT? Ben’s music._daap._tcp.local. A? ben-powerbook-g4-15.local. AAAA? ben-powerbook-g4-15.local. (367)

Example Data inside packet GET /tracking/tracking.cgi?tracknum=1Z1836810375022812 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shock wave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application /msword, */* Accept-Language: en-us Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1) Host: wwwapps.ups.com Connection: Keep-Alive

URLs are visible in Referer and in the GET command

Auxiliary Material for Lecture

Research into Video Streaming for DP2?

GMail is not encrypted by default Passed in the clear: Contacts lists GCalendar events GZipped text Inbox entries Mail messages ["112677a23fed4887",0,0,"12:58 pm","\u003cspan id\u003d\"_upro_rms@ gnu.org\"\>Richard Stallman\u003c/span\>"," ","[csail-related] Thwart big brother--trade charlie cards. 13:45 Tuesday at rm 381","I have a charlie card with zero value currently stored on on it which I used for a couple of …",[],"","112677a23fed4887",0,"Mon May 7 2007_12:58 PM",0,"",0,0,1] Hint: Change the GMail URL to https:// !

IChat is Plaintext strings log.dump | grep ichatballoon | cut -d\>  -f 4- A: it's just better not to reveal personal information B: why? A: I dunno, identity theft and stuff B: oh, okay A: maybe I just won't worry about it

Authentication logic (p 11-83) 1. Delegation of authority: If A says (B speaks for A)  B speaks for A 2. Use of delegated authority: If B speaks for A and B says (A says X)  A says X 3. Chaining of delegation If B speaks for A and A speaks for C  B speaks for C

Example 0. {A: M}KApriv if verify( ..., KApub) accepts then: KApriv says A says M if KApriv speaks for KApub, apply rule 3: KApub says A says M if KApub speaks for A, apply rule 2: A says M does KApub speak for A?

1. {KApub speaks for A}KMITpriv 2. KMITpriv says KApub speaks for A if verifies with KMITpub 2. KMITpriv says KApub speaks for A if KMITpriv speaks for KMITpub 3. KMITpub says KApub speaks for A if KMITpub speaks for MIT 4. MIT says KApub speaks for A if MIT speaks for A 5. KApub speaks for A