Computer Security Distributed System Security

Slides:



Advertisements
Similar presentations
Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi
Advertisements

SCSC 455 Computer Security
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Akshat Sharma Samarth Shah
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
Network Security Introduction Security technologies protect mission-critical networks from corruption and intrusion. Network security enables new business.
Access Control Chapter 3 Part 3 Pages 209 to 227.
1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.
Access Control Methodologies
Using Kerberos the fundamentals. Computer/Network Security needs: Authentication Who is requesting access Authorization What user is allowed to do Auditing.
The Kerberos Authentication System Brad Karp UCL Computer Science CS GZ03 / M th November, 2008.
1 Lecture 12: Kerberos terms and configuration phases –logging to network –accessing remote server replicated KDC multiple realms message privacy and integrity.
CS470, A.SelcukKerberos1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
(Remote Access Security) AAA. 2 Authentication User named "flannery" dials into an access server that is configured with CHAP. The access server will.
ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.
TCP/IP - Security Perspective Upper Layers CS-431 Dick Steflik.
CS 497C – Introduction to UNIX Lecture 35: - TCP/IP Networking Tools Chin-Chih Chang
S6C12 - AAA AAA Facts. AAA Defined Authentication, Authorization, and Accounting Central Management of AAA –Information in a single, centralized, secure.
Telnet/SSH: Connecting to Hosts Internet Technology1.
Information Security Depart. of Computer Science and Engineering 刘胜利 ( Liu Shengli) Tel:
Computation for Physics 計算物理概論 Introduction to Linux.
Csci5233 Computer Security1 Bishop: Chapter 27 System Security.
Authenticating Users Chapter 6. Learning Objectives Understand why authentication is a critical aspect of network security Describe why firewalls authenticate.
Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.
Windows Security. Security Windows 2000/XP Professional security oriented Authentication Authorization Internet Connection Firewall.
Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.
Designing Authentication for a Microsoft Windows 2000 Network Designing Authentication in a Microsoft Windows 2000 Network Designing Kerberos Authentication.
Breno de MedeirosFlorida State University Fall 2005 Windows servers The NT security model.
Module 9: Fundamentals of Securing Network Communication.
Planning a Microsoft Windows 2000 Administrative Structure Designing default administrative group membership Designing custom administrative groups local.
Application Services COM211 Communications and Networks CDA College Theodoros Christophides
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved. CNIT 221 Security 1 ver.2 Module 6 City College.
CPS Computer Security Tutorial on Creating Certificates SSH Kerberos CPS 290Page 1.
Security and Firewalls Ref: Keeping Your Site Comfortably Secure: An Introduction to Firewalls John P. Wack and Lisa J. Carnahan NIST Special Publication.
Database Security David Nguyen. Dangers of Internet  Web based applications open up new threats to a corporation security  Protection of information.
Module 2: Introducing Windows 2000 Security. Overview Introducing Security Features in Active Directory Authenticating User Accounts Securing Access to.
CPS Computer Security Tutorial on Creating Certificates SSH Kerberos CPS 290Page 1.
Active Directory. Computers in organizations Computers are linked together for communication and sharing of resources There is always a need to administer.
1 SUBMITTED BY- PATEL KUMAR C.S.E(8 th - sem). SUBMITTED TO- Mr. DESHRAJ AHIRWAR.
SSH. 2 SSH – Secure Shell SSH is a cryptographic protocol – Implemented in software originally for remote login applications – One most popular software.
IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.
1 Example security systems n Kerberos n Secure shell.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Kerberos is a three-headed dog Available as open source or in supported.
Chapter 7: Using Network Clients The Complete Guide To Linux System Administration.
Getting Connected to NGS while on the Road…
Secure services Unit-IV CHAP-1
Tutorial on Creating Certificates SSH Kerberos
Chapter 5 Linux Services
Cryptography and Network Security
SECURE SHELL MONIKA GUPTA COT 4810.
Module 4 Remote Login.
Radius, LDAP, Radius used in Authenticating Users
CSCE 715: Network Systems Security
Tutorial on Creating Certificates SSH Kerberos
CSCE 715: Network Systems Security
Chapter 27: System Security
Kerberos.
Cryptographic Protocols
Lesson 16-Windows NT Security Issues
Kerberos Kerberos is an authentication protocol for trusted hosts on untrusted networks.
Getting Connected to NGS while on the Road…
SECURITY IN THE LINUX OPERATING SYSTEM
Kerberos Part of project Athena (MIT).
KERBEROS.
Module 2 OBJECTIVE 14: Compare various security mechanisms.
Presentation transcript:

Computer Security Distributed System Security 11/28/2018

Distributed System Security Objectives Appreciate the security problems in distributed systems Examine which system layer is best suited for implementing security Analyze the security mechanisms currently used in distributed systems. 11/28/2018

Distributed System Security Introduction Moving from a centralized system to a distributed system has a major impact on security. It is essential to understand the implicit assumptions that underpin the security in a centralized system. 11/28/2018

Security Policies Users are not necessarily registered at the node they are accessing an object. How do you authenticate a user? Based on: the user identity The network address the user operates from What is the basis for access control mechanisms Based on The distributed service the user invokes (the access operation). 11/28/2018

Security Policies Unix takes the user identity approach for remote access services such as: ftp or telnet, rlogin telnet and rlogin create a remote virtual terminal. There are several major vulnerabilities with this approach. How will users access rights travel? 11/28/2018

Security Policies Example: You send a read request for data held at a remote server. The server writes the data to an output channel connecting back to you. Which access rules should the server apply: those for read access or those for write access? You may decide that users coming from certain “trusted” nodes need not be authenticated again. In Unix trusted hosts can be specified in the .rhosts file And trusted users in the rsh (remote shell) command 11/28/2018

Security Policies The trust relationships in Windows NT provide a more sophisticated for giving users in a trusted domain access to resources in a trusting domain. One way trust relationship trusted domain trusting domain User accounts from the trusted domain are valid in the trusting domain. 11/28/2018

Security Policies We also have two-way or more trust relationships. However it is important to note that trust is not transitive! A trust relationship is set up as follows: An administrator sets up an interdomain trust account specifying the name of the trusted domain and a password for this domain. 11/28/2018

Security Policies A trust relationship is set up as follows: An administrator sets up an interdomain trust account specifying the name of the trusted domain and a password for this domain. The password is given to the trusting domain. The Local Security Authority (LSA) in the trusting domain creates a trusted domain object, containing the name and SID of the trusted domain, and a secret object, containing the password received. 11/28/2018

Delegation In distributed systems controlled invocation takes on a new dimension. A user may login at a local node and execute a program on a remote node. To obtain access to resources the program will need the relevant access rights. Typically the program is endowed with the access rights of the user and runs with the access rights on the remote host. 11/28/2018

Delegation So the program is running with the access rights delegated by the user. Users may not feel too comfortable about releasing their rights to an unknown host! For example, if there is weak protection on the remote host, an attacker may grab the users access right and use it for an illicit purpose. For popular services one can create a proxy users to deal with remote service requests. 11/28/2018

Security enforced Once policies are sorted out, these must be enforced Where do you authenticate the user? Where do you make an access control decision? There are several possible approaches: Use a Kerberos type mechanism with An authentication server and Ticket granting servers Install a firewall to control access to an internal network. 11/28/2018

Authentication Unprotected passwords transmitted over public networks are an obvious vulnerability. We shall consider two security enforcement schemes: A central security enforcement scheme: Kerberos A local security enforcement scheme: DSSA/SPX 11/28/2018

A central security enforcement scheme Kerberos Authentication is based on two basic concepts: tickets and security servers. Kerberos authentication server (KAS): Authenticates principals at login and issues tickets which are valid for one login session and enable principals to obtain other tickets from ticket-granting servers. Ticket granting servers (TGS): Issue tickets that give principals access to network services. 11/28/2018

Kerberos TGS KAS A B A,TGS,L1,N1 eKa(TGS,Ka,tgs,Ticketa,tgs,L1,N1) 3 4 2 5 KAS A B 1 6 A,TGS,L1,N1 eKa(TGS,Ka,tgs,Ticketa,tgs,L1,N1) A,B, L2,N2 ,Ticketa,tgs, eKa,tgs(A,T3) eKa,tgs(B,Ka,b,Ticketa,b,L2,N2) eKa,b(A,T4),Ticketa,b eKa,b(T4) Ticketa,tgs= eKtgs(Ka,tgs,A,T1,L1) Ticketa,b = eKb(Ka,b,A,T2,L2) 11/28/2018

Kerberos Remarks: In the basic Kerberos scheme the session keys are symmetric. The encryption keys Ka (or Kb) can be symmetric, or alternatively Public Encryption Keys may be used. Revocation: The KAS and TGS update their access rights database. 11/28/2018

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.