Chapter 19: Computer and Network Security Techniques Business Data Communications, 6e.

Presentation transcript:

IPSec Functions
- Authentication Header (AH)
- Encapsulating Security Payload (ESP)
- Key exchange

ESP Transport and Tunnel Mode
- Transport mode: provides protection primarily for upper-layer protocols. Typically used for end-to-end communication between two hosts. The payload is encrypted; the original IP header is neither encrypted nor (under ESP) covered by the integrity check.
- Tunnel mode: provides protection for the entire IP packet. The entire original packet is placed within a new outer IP packet, so the inner header is encrypted as well. Used when one or both endpoints are security gateways (e.g., a site-to-site VPN).

Scope of ESP Encryption and Authentication (figure)
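The two modes and the scope of ESP protection are easier to see in bytes than in a figure. The following is an added example, not code from the slides or from any IPsec implementation. Its stand-ins are assumptions: a SHA-256 counter-mode keystream replaces AES, and the ICV is HMAC-SHA256 truncated to 12 bytes. What it keeps faithful is the layout and scope defined by ESP: the ESP header (SPI, sequence number) is authenticated but not encrypted, the payload and trailer are both, and the outer IP header is neither. The demo also makes the check a practitioner would make: changing the outer header passes the ICV, flipping a ciphertext bit does not.

```python
"""Added example: what ESP protects in transport mode vs. tunnel mode.

Assumptions (not IPsec-conformant): encryption is a SHA-256 counter-mode
keystream instead of AES, and the ICV is HMAC-SHA256 truncated to 12 bytes.
Layout and protection scope follow ESP: the ESP header is authenticated but
not encrypted, payload and trailer are both, the outer IP header is neither.
"""
import hashlib
import hmac
import struct

ESP_PROTO = 50
IPIP_PROTO = 4          # next header "an IP packet follows" (tunnel mode)
ICV_LEN = 12


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy PRF keystream standing in for AES-CTR (assumption)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + struct.pack(">I", ctr)).digest()
        ctr += 1
    return out[:n]


def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


def ipv4_header(src: str, dst: str, proto: int, total_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options; checksum left zero for brevity)."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    return struct.pack(">BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0, src_b, dst_b)


def esp_encapsulate(mode, enc_key, auth_key, spi, seq, ip_packet, gw_src=None, gw_dst=None):
    """Return ip_packet protected by ESP in 'transport' or 'tunnel' mode."""
    orig_hdr = ip_packet[:20]
    if mode == "transport":
        inner, next_header = ip_packet[20:], orig_hdr[9]       # upper-layer payload only
        src = ".".join(str(b) for b in orig_hdr[12:16])
        dst = ".".join(str(b) for b in orig_hdr[16:20])
    elif mode == "tunnel":
        inner, next_header = ip_packet, IPIP_PROTO               # whole original packet
        src, dst = gw_src, gw_dst                                # new outer header
    else:
        raise ValueError(mode)
    pad_len = (-(len(inner) + 2)) % 4                            # align the trailer to 4 bytes
    padding = bytes(range(1, pad_len + 1))
    plaintext = inner + padding + bytes([pad_len, next_header])  # payload + ESP trailer
    esp_hdr = struct.pack(">II", spi, seq)                       # SPI, sequence number
    ciphertext = _xor(plaintext, _keystream(enc_key, esp_hdr, len(plaintext)))
    icv = hmac.new(auth_key, esp_hdr + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    esp = esp_hdr + ciphertext + icv
    return ipv4_header(src, dst, ESP_PROTO, 20 + len(esp)) + esp


def esp_decapsulate(enc_key, auth_key, packet):
    """Verify the ICV, decrypt, strip the trailer; return (mode, next_header, payload)."""
    esp = packet[20:]
    esp_hdr, body, icv = esp[:8], esp[8:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(auth_key, esp_hdr + body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ESP ICV check failed")
    plaintext = _xor(body, _keystream(enc_key, esp_hdr, len(body)))
    pad_len, next_header = plaintext[-2], plaintext[-1]
    payload = plaintext[:len(plaintext) - 2 - pad_len]
    mode = "tunnel" if next_header == IPIP_PROTO else "transport"
    return mode, next_header, payload


# Constructed sample (not captured traffic): a UDP datagram from 10.0.0.5 to 10.0.0.9.
UDP = b"\x1f\x90\x00\x35\x00\x0c\x00\x00hi!!"
INNER = ipv4_header("10.0.0.5", "10.0.0.9", 17, 20 + len(UDP)) + UDP
ENC_KEY, AUTH_KEY = b"e" * 16, b"a" * 16


def demo():
    """Encapsulate the sample both ways and probe what the ICV does and does not cover."""
    t = esp_encapsulate("transport", ENC_KEY, AUTH_KEY, 0x1000, 1, INNER)
    u = esp_encapsulate("tunnel", ENC_KEY, AUTH_KEY, 0x2000, 1, INNER, "192.0.2.1", "198.51.100.1")
    ttl_changed = t[:8] + b"\x01" + t[9:]                  # outer header: outside the ICV
    bit_flipped = t[:30] + bytes([t[30] ^ 1]) + t[31:]      # ciphertext: inside the ICV
    try:
        esp_decapsulate(ENC_KEY, AUTH_KEY, bit_flipped)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {
        "transport": esp_decapsulate(ENC_KEY, AUTH_KEY, t),
        "tunnel": esp_decapsulate(ENC_KEY, AUTH_KEY, u),
        "transport_outer_dst": ".".join(str(b) for b in t[16:20]),
        "tunnel_outer_dst": ".".join(str(b) for b in u[16:20]),
        "ttl_change_passes_icv": esp_decapsulate(ENC_KEY, AUTH_KEY, ttl_changed)[2] == UDP,
        "ciphertext_tamper_detected": tamper_detected,
    }
```

In transport mode the outer header still names the two hosts and the decapsulated payload is the UDP datagram; in tunnel mode the outer header names the gateways and the decapsulated payload is the complete original packet. The unprotected outer header is exactly why AH exists when header integrity matters.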

Key Management
- Manual: the system administrator manually configures each system with its own keys and with the keys of other communicating systems. Practical only for small, static configurations.
- Automatic: an automated system (in IPSec, the IKE protocol) enables the on-demand creation of keys for security associations and facilitates their use. Used in large system configurations.

Advantages of IPSec
- Provides managers with a standard means of implementing security for VPNs.
- The encryption and authentication algorithms and the security protocols are well studied.
- Users can be confident that IPSec provides strong security.
- Can be implemented in firewalls and routers owned by the organization, giving network managers control over security.

SSL Architecture
- Provides a reliable end-to-end secure service on top of TCP.
- Uses two layers of protocols.
- The SSL Record Protocol provides basic security services (confidentiality and message integrity) to higher-layer protocols such as HTTP.
- SSL also includes three higher-layer protocols: the Handshake Protocol, the Change Cipher Spec Protocol and the Alert Protocol.

SSL Protocol Stack (figure)

Key SSL Concepts
- Connection: a transport (in the OSI layering sense) that provides a suitable type of service. SSL connections are peer-to-peer and transient, and every connection is associated with one session.
- Session: an association between a client and a server, created by the Handshake Protocol. It defines a set of cryptographic security parameters that can be shared by multiple connections, avoiding a full renegotiation for each one.

SSL Record Protocol Operation (figure: fragment, compress, add MAC, encrypt, prepend SSL record header)

SSL Protocols
- Change Cipher Spec Protocol: the simplest protocol; consists of a single message of one byte with the value 1. It causes the pending state to be copied into the current state, updating the cipher suite used on the connection.
- Alert Protocol: used to convey SSL-related alerts to the peer entity. Each message consists of 2 bytes: the first gives the level (warning or fatal), the second a code for the specific alert. A fatal alert terminates the connection immediately.
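To make the record layer and the three sub-protocols concrete, here is an added example (not code from the slides or from any SSL library): a receiver that splits a byte stream into records by the 5-byte header, dispatches change_cipher_spec, alert, handshake and application_data, and switches the pending state into the current state when change_cipher_spec arrives. Simplification, stated as an assumption: the negotiated cipher is "null encryption with HMAC-SHA256", so only the MAC step of record processing is shown; real SSL also encrypts the fragment. The content-type, alert and handshake code points are the real ones.

```python
"""Added example: an SSL/TLS record-layer reader (null cipher + HMAC-SHA256,
an assumption made so that only the MAC step of record processing is shown).
"""
import hashlib
import hmac
import struct

CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 20, 21, 22, 23
VERSION_TLS10 = 0x0301
MAX_FRAGMENT = 2 ** 14       # the record protocol fragments data into <= 2^14-byte blocks
MAC_LEN = 32                 # HMAC-SHA256 output

ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
                      40: "handshake_failure", 42: "bad_certificate"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   14: "server_hello_done", 16: "client_key_exchange", 20: "finished"}


def record_mac(mac_key, seq, ctype, version, body):
    """MAC over the implicit sequence number, the header fields and the body."""
    seed = struct.pack(">QBHH", seq, ctype, version, len(body)) + body
    return hmac.new(mac_key, seed, hashlib.sha256).digest()


def build_records(ctype, data, mac_key=None, seq=0, version=VERSION_TLS10):
    """Sender side: fragment, append the MAC (once a key is active), add the header."""
    out = b""
    for i in range(0, max(len(data), 1), MAX_FRAGMENT):
        body = data[i:i + MAX_FRAGMENT]
        if mac_key is not None:
            body += record_mac(mac_key, seq, ctype, version, body)
            seq += 1
        out += struct.pack(">BHH", ctype, version, len(body)) + body
    return out


class RecordReader:
    """Receiver side: parses records and dispatches to the three sub-protocols."""

    def __init__(self, pending_mac_key):
        self.current_mac_key = None          # null state until change_cipher_spec
        self.pending_mac_key = pending_mac_key
        self.seq = 0
        self.events = []

    def feed(self, data):
        """Consume all complete records; return the trailing partial record, if any."""
        while len(data) >= 5:
            ctype, version, length = struct.unpack(">BHH", data[:5])
            if length > MAX_FRAGMENT + 2048:
                raise ValueError("record_overflow")
            if len(data) < 5 + length:
                break                        # wait for the rest of this record
            self._handle(ctype, version, data[5:5 + length])
            data = data[5 + length:]
        return data

    def _handle(self, ctype, version, fragment):
        if self.current_mac_key is not None:
            body, mac = fragment[:-MAC_LEN], fragment[-MAC_LEN:]
            expected = record_mac(self.current_mac_key, self.seq, ctype, version, body)
            if not hmac.compare_digest(mac, expected):
                raise ValueError("bad_record_mac")
            fragment = body
        self.seq += 1
        if ctype == CHANGE_CIPHER_SPEC:
            if fragment != b"\x01":
                raise ValueError("malformed change_cipher_spec")
            self.current_mac_key = self.pending_mac_key   # pending -> current
            self.seq = 0                                  # new state, new sequence counter
            self.events.append(("change_cipher_spec",))
        elif ctype == ALERT:
            level, desc = fragment[0], fragment[1]
            self.events.append(("alert", ALERT_LEVELS.get(level, level),
                                ALERT_DESCRIPTIONS.get(desc, desc)))
        elif ctype == HANDSHAKE:
            while fragment:                               # a record may carry several messages
                mtype, mlen = fragment[0], int.from_bytes(fragment[1:4], "big")
                self.events.append(("handshake", HANDSHAKE_TYPES.get(mtype, mtype)))
                fragment = fragment[4 + mlen:]
        elif ctype == APPLICATION_DATA:
            self.events.append(("application_data", fragment))
        else:
            raise ValueError("unexpected_message")


# Constructed byte stream (not a capture): a server handshake flight, the switch
# to the negotiated state, then protected application data and a close_notify.
KEY = b"k" * 32
STREAM = (build_records(HANDSHAKE, b"\x02\x00\x00\x02\x03\x01" + b"\x0e\x00\x00\x00")
          + build_records(CHANGE_CIPHER_SPEC, b"\x01")
          + build_records(APPLICATION_DATA, b"GET / HTTP/1.0\r\n", mac_key=KEY, seq=0)
          + build_records(ALERT, b"\x01\x00", mac_key=KEY, seq=1))


def demo():
    reader = RecordReader(pending_mac_key=KEY)
    leftover = reader.feed(STREAM + b"\x17\x03")          # trailing partial header
    return reader.events, leftover
```

Two details worth noticing: the sequence number that the MAC covers is never sent on the wire, which is what stops an attacker replaying or reordering records, and it restarts at zero when change_cipher_spec installs the new state.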

Handshake Protocol
- The most complex part of SSL.
- Allows the server and client to authenticate each other and to negotiate an encryption algorithm, a MAC algorithm and the cryptographic keys used to protect data.
- Used before any application data is transmitted.

Handshake Protocol Phases
- Phase 1: initiates the logical connection and establishes security capabilities (protocol version, session ID, cipher suite, compression method and initial random numbers) via client_hello and server_hello.
- Phase 2: the server sends its certificate, a key-exchange message if additional key information is needed, and optionally a request for a client certificate, then a server_done message.
- Phase 3: the client sends its certificate if one was requested, then a key-exchange message whose contents depend on the underlying public-key scheme, and optionally a certificate_verify message.
- Phase 4: both sides send change_cipher_spec and finished messages, completing the setup of the secure connection.
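The four phases above are one procedure, so here is one added example that runs them end to end as a message exchange between a client object and a server object. It is illustrative code written for this page, not the slides' or any TLS library's code. Assumptions: the key exchange is ephemeral Diffie-Hellman in a deliberately tiny group so the example runs instantly; the certificate message is a placeholder dict, not X.509; the PRF is a simplified HMAC-SHA256 expansion; the suite names are only labels. The `mitm_pub` parameter goes beyond the slide to show what the finished messages are for: if an attacker substitutes the server's key-exchange value, the two sides' transcripts and keys diverge and the handshake ends in a fatal alert.

```python
"""Added example: the four SSL handshake phases as a client/server exchange.
Assumptions: toy DH group (P), placeholder certificate, simplified PRF.
"""
import hashlib
import hmac
import json
import os

P = 2 ** 127 - 1      # toy DH prime (assumption): far too small for real use
G = 5
VERIFY_LEN = 12       # bytes of verify_data in the finished message


def prf(secret, label, seed, n):
    """Simplified TLS-style PRF: HMAC-SHA256 expansion of label || seed."""
    out, a = b"", label + seed
    while len(out) < n:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + label + seed, hashlib.sha256).digest()
    return out[:n]


def encode(msg):
    return json.dumps(msg, sort_keys=True).encode()


class Peer:
    def __init__(self, name, cipher_suites):
        self.name, self.suites = name, cipher_suites
        self.random = os.urandom(32).hex()
        self.dh_priv = int.from_bytes(os.urandom(16), "big")
        self.transcript = b""            # every handshake message seen, both directions
        self.master_secret = None

    def send(self, msg):
        self.transcript += encode(msg)
        return msg

    def recv(self, msg):
        self.transcript += encode(msg)
        return msg

    def derive_keys(self, peer_pub, client_random, server_random):
        shared = pow(peer_pub, self.dh_priv, P).to_bytes(16, "big")
        self.master_secret = prf(shared, b"master secret",
                                 bytes.fromhex(client_random + server_random), 48)

    def finished(self, label):
        """verify_data binds the entire transcript so far to the master secret."""
        digest = hashlib.sha256(self.transcript).digest()
        return self.send({"type": "finished",
                          "verify_data": prf(self.master_secret, label, digest, VERIFY_LEN).hex()})

    def verify_finished(self, label, msg):
        digest = hashlib.sha256(self.transcript).digest()   # transcript *before* this finished
        expected = prf(self.master_secret, label, digest, VERIFY_LEN).hex()
        self.recv(msg)
        return hmac.compare_digest(expected, msg["verify_data"])


def handshake(client, server, mitm_pub=None):
    """Run phases 1-4; mitm_pub simulates an attacker replacing the server's DH value."""
    # Phase 1: establish security capabilities; the server picks the first client suite it supports
    ch = server.recv(client.send({"type": "client_hello", "random": client.random,
                                  "suites": client.suites}))
    chosen = next((s for s in ch["suites"] if s in server.suites), None)
    if chosen is None:
        return {"status": "alert", "level": "fatal", "description": "handshake_failure"}
    sh = client.recv(server.send({"type": "server_hello", "random": server.random, "suite": chosen}))
    # Phase 2: server authentication and key exchange, ended by server_hello_done
    client.recv(server.send({"type": "certificate", "subject": "example.test"}))   # placeholder
    ske = server.send({"type": "server_key_exchange", "p": P, "g": G, "pub": pow(G, server.dh_priv, P)})
    if mitm_pub is not None:
        ske = dict(ske, pub=mitm_pub)      # the client now sees a different message than was sent
    client.recv(ske)
    client.recv(server.send({"type": "server_hello_done"}))
    # Phase 3: client key exchange (with RSA this would carry an encrypted pre-master secret)
    cke = server.recv(client.send({"type": "client_key_exchange", "pub": pow(G, client.dh_priv, P)}))
    client.derive_keys(ske["pub"], ch["random"], sh["random"])
    server.derive_keys(cke["pub"], ch["random"], sh["random"])
    # Phase 4: each side sends change_cipher_spec (not part of the transcript) then finished;
    # a finished message that fails to verify is answered with a fatal alert
    if not server.verify_finished(b"client finished", client.finished(b"client finished")):
        return {"status": "alert", "level": "fatal", "description": "decrypt_error"}
    if not client.verify_finished(b"server finished", server.finished(b"server finished")):
        return {"status": "alert", "level": "fatal", "description": "decrypt_error"}
    return {"status": "ok", "suite": chosen,
            "keys_match": client.master_secret == server.master_secret}
```

The order of operations in phase 4 matters: each side computes verify_data over the transcript before appending its own finished message, and the receiver verifies against the same view, which is why any difference in what the two sides saw during phases 1 to 3 surfaces here.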

802.11i Operational Phases (figure)

802.11i Architecture
- Authentication: a protocol used to define an exchange between a user and an authentication server (AS) that provides mutual authentication and generates temporary keys for use between the client and the access point.
- Access control: the function that enforces the use of the authentication function, routes messages properly and facilitates key exchange. It can work with a variety of authentication protocols.
- Privacy with message integrity: MAC-level data (e.g., an LLC PDU) are encrypted along with a message integrity code that ensures the data have not been altered.

802.11i Access Control (figure)

Intrusion Detection
- Security intrusion: a security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system (or system resource) without having authorization to do so.
- Intrusion detection: a security service that monitors and analyzes system events for the purpose of finding, and providing real-time or near-real-time warning of, attempts to access system resources in an unauthorized manner.
Intrusion detection system classification:
- Host-based IDS
- Network-based IDS

IDS Logical Components
- Sensors: collect data (network packets, log files, system call traces) and forward it to the analyzer.
- Analyzers: determine from the collected data whether an intrusion has occurred and may recommend a response.
- User interface: lets the operator view the system's output and control its behavior.

Approaches to Host-Based IDSs
- Anomaly detection: involves the collection of data relating to the behavior of legitimate users over time; current observed behavior is then tested against that baseline. Two forms:
 - Threshold detection: counts occurrences of a specific event type over an interval and alerts when the count exceeds a limit.
 - Profile-based detection: characterizes the past activity of each user or group and alerts on significant deviations from it.
- Signature detection: involves an attempt to define a set of rules or attack patterns that can be used to decide whether a given behavior is that of an intruder.
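The three approaches differ in what they need as input: a threshold detector needs only a counter, a profile-based detector needs a training period per user, and a signature detector needs a rule base. The following added example (written for this page, not from the slides or any IDS product) runs all three over constructed sshd-style log lines; the hosts, users and timestamps are made up.

```python
"""Added example: the three host-based IDS techniques on constructed log lines."""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r"^(\S+) sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+)")

# Constructed training data: alice's normal working-hours logins.
BASELINE_LINES = [
    "2024-03-01T09:02:11 sshd[1001]: Accepted password for alice from 192.0.2.10 port 40001 ssh2",
    "2024-03-02T10:15:03 sshd[1002]: Accepted password for alice from 192.0.2.10 port 40002 ssh2",
    "2024-03-03T09:48:59 sshd[1003]: Accepted password for alice from 192.0.2.10 port 40003 ssh2",
    "2024-03-04T08:55:00 sshd[1004]: Accepted password for alice from 192.0.2.10 port 40004 ssh2",
    "2024-03-04T11:05:27 sshd[1005]: Accepted password for alice from 192.0.2.10 port 40005 ssh2",
]
# Constructed lines to analyze: an off-hours login, a password-guessing burst, a normal login.
NEW_LINES = [
    "2024-03-05T03:12:40 sshd[2201]: Accepted password for alice from 198.51.100.7 port 50122 ssh2",
    "2024-03-05T03:13:01 sshd[2202]: Failed password for bob from 203.0.113.9 port 50200 ssh2",
    "2024-03-05T03:13:05 sshd[2203]: Failed password for bob from 203.0.113.9 port 50201 ssh2",
    "2024-03-05T03:13:09 sshd[2204]: Failed password for invalid user admin from 203.0.113.9 port 50202 ssh2",
    "2024-03-05T03:13:14 sshd[2205]: Failed password for root from 203.0.113.9 port 50203 ssh2",
    "2024-03-05T09:30:00 sshd[2206]: Accepted password for alice from 192.0.2.10 port 40006 ssh2",
]


def parse(line):
    """Return (timestamp, outcome, user, source), or None for lines the pattern does not cover."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts, outcome, user, src = m.groups()
    return datetime.fromisoformat(ts), outcome, user, src


def threshold_detect(events, limit=3, window=timedelta(minutes=1)):
    """Anomaly, threshold form: more than `limit` failures from one source inside `window`."""
    recent, alerts = defaultdict(deque), []
    for ts, outcome, user, src in events:
        if outcome != "Failed":
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:          # drop failures that fell out of the window
            q.popleft()
        if len(q) > limit:
            alerts.append(("threshold", src, len(q), ts))
            q.clear()                      # one alert per burst
    return alerts


def build_profile(events):
    """Per-user histogram of the hours at which successful logins occurred."""
    profile = defaultdict(Counter)
    for ts, outcome, user, src in events:
        if outcome == "Accepted":
            profile[user][ts.hour] += 1
    return profile


def profile_detect(profile, events, min_obs=3):
    """Anomaly, profile form: a successful login at an hour never seen for that user."""
    alerts = []
    for ts, outcome, user, src in events:
        hist = profile.get(user)
        if outcome != "Accepted" or not hist or sum(hist.values()) < min_obs:
            continue                       # no baseline (yet): cannot judge
        if hist[ts.hour] == 0:
            alerts.append(("profile", user, ts.hour, src))
    return alerts


SIGNATURES = [
    ("invalid-user-probe", re.compile(r"invalid user (admin|test|guest|oracle)\b")),
    ("root-password-attempt", re.compile(r"Failed password for root\b")),
]


def signature_detect(lines):
    """Signature form: any line matching a known attack pattern."""
    return [(name, line) for line in lines for name, rx in SIGNATURES if rx.search(line)]


def run():
    baseline = [e for e in map(parse, BASELINE_LINES) if e]
    new = [e for e in map(parse, NEW_LINES) if e]
    return (threshold_detect(new),
            profile_detect(build_profile(baseline), new),
            signature_detect(NEW_LINES))
```

Note the asymmetry the example exposes: the burst from 203.0.113.9 is caught by both the threshold rule and a signature, while alice's 03:12 login from a new address is caught only by the profile, since nothing about the line itself is malformed.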

Firewalls
- Provide an additional layer of defense between internal systems and external networks.
- Firewalls use four techniques to control access:
 - Service control: determines the types of Internet services that can be accessed, inbound or outbound (e.g., by IP address and port number).
 - Direction control: determines the direction in which particular service requests may be initiated and allowed to flow through the firewall.
 - User control: controls access to a service according to which user is attempting to access it.
 - Behavior control: controls how particular services are used (e.g., filtering e-mail to eliminate spam).
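The four techniques map naturally onto the fields of a rule. The following added example (illustrative code for this page, not from the slides or any firewall product) encodes them as a first-match rule set with a default deny, and records every decision so the firewall doubles as the monitoring point described on the next slide. The networks, ports, user names and payloads are constructed.

```python
"""Added example: service, direction, user and behavior control as firewall rules."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, Optional


@dataclass
class Packet:
    direction: str                  # "inbound" or "outbound" relative to the protected network
    src: str
    dst: str
    proto: str
    dport: int
    user: Optional[str] = None      # identity established by authentication, if any
    payload: bytes = b""


@dataclass
class Rule:
    name: str
    action: str                                            # "allow" or "deny"
    direction: Optional[str] = None                        # direction control
    service: Optional[tuple] = None                        # service control: (proto, port)
    src: Optional[str] = None                              # source network
    users: Optional[frozenset] = None                      # user control
    behavior: Optional[Callable[[Packet], bool]] = None    # behavior control: content check


def smtp_rcpt_limit(max_rcpt=50):
    """Behavior control: refuse SMTP sessions addressing too many recipients (a spam sign)."""
    return lambda pkt: pkt.payload.upper().count(b"RCPT TO:") <= max_rcpt


def no_cgi_bin(pkt):
    """Behavior control: drop HTTP requests aimed at /cgi-bin/."""
    return b"/cgi-bin/" not in pkt.payload


# Constructed policy for a 10.0.0.0/8 internal network.
RULES = [
    Rule("mail-in", "allow", direction="inbound", service=("tcp", 25), behavior=smtp_rcpt_limit(50)),
    Rule("web-in", "allow", direction="inbound", service=("tcp", 80), behavior=no_cgi_bin),
    Rule("ssh-out-admins", "allow", direction="outbound", service=("tcp", 22),
         src="10.0.0.0/8", users=frozenset({"ops", "admin"})),
    Rule("https-out", "allow", direction="outbound", service=("tcp", 443), src="10.0.0.0/8"),
]


def evaluate(rules, pkt, log):
    """First matching rule decides; a failed behavior check denies; default is deny."""
    for rule in rules:
        if rule.direction and rule.direction != pkt.direction:
            continue
        if rule.service and rule.service != (pkt.proto, pkt.dport):
            continue
        if rule.src and ip_address(pkt.src) not in ip_network(rule.src):
            continue
        if rule.users is not None and pkt.user not in rule.users:
            continue
        if rule.behavior and not rule.behavior(pkt):
            verdict = ("deny", rule.name + ":behavior")
        else:
            verdict = (rule.action, rule.name)
        log.append((verdict, pkt.direction, pkt.src, pkt.dst, pkt.proto, pkt.dport))
        return verdict
    verdict = ("deny", "default")
    log.append((verdict, pkt.direction, pkt.src, pkt.dst, pkt.proto, pkt.dport))
    return verdict
```

Two choices are deliberate: a user-control mismatch falls through to the next rule rather than denying outright, so a later, broader rule can still apply, whereas a behavior-control failure denies immediately, because the service was otherwise permitted and only the content was unacceptable.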

Firewall Capabilities
- Defines a single choke point that keeps unauthorized users out of the protected network.
- Provides a location for monitoring security-related events (audits and alarms).
- Provides a convenient platform for several Internet functions that are not security related (e.g., network address translation, usage logging).
- Serves as a platform for IPSec in tunnel mode, implementing VPNs.

Firewall Limitations
- Cannot protect against attacks that bypass the firewall (e.g., a dial-in or mobile connection directly to an internal system).
- May not protect fully against internal threats, such as a disgruntled employee or one who cooperates with an external attacker.
- An improperly secured wireless LAN may be accessed from outside the organization.
- A client (laptop, PDA, portable storage device, etc.) may be infected outside the corporate network and then attached internally, bypassing the firewall.

Firewall Types (figure)

Antivirus Approaches
- Prevention: do not allow the virus to get into the system in the first place.
- Detection: once infection has occurred, determine that it has occurred and locate the virus.
- Identification: once detection has been achieved, identify the specific virus that has infected a program.
- Removal: remove all traces of the virus from the infected program and restore it to its original state (if that is not possible, discard the infected program and reload a clean copy).

Generic Decryption (GD)
- Enables an antivirus program to detect complex polymorphic viruses while maintaining fast scanning speeds.
- GD elements:
 - CPU emulator: a software-based virtual computer in which the suspect file runs, so it cannot harm the real system.
 - Virus signature scanner: scans the target code looking for known virus signatures.
 - Emulation control module: controls the execution of the target code.
- A polymorphic virus must decrypt itself before it can run; after enough emulated instructions the decrypted body is exposed in memory and can be scanned. The most difficult design issue is how long to run each emulation before scanning.

Digital Immune System
- Developed first by IBM, then refined by Symantec.
- Provides a general-purpose emulation and virus-detection system.
- Detects new viruses, analyzes them, adds detection and shielding for them, removes them, and passes information about each new virus on to other systems so it can be detected before it is allowed to run elsewhere.

Digital Immune System (figure)

Behavior-Blocking Software
- Integrates with the operating system of a host computer and monitors program behavior in real time for malicious actions (e.g., modifying system files or settings, opening network connections, formatting a disk).
- Blocks potentially malicious actions before they can affect the system.
- Suspicious software, identified by what it does rather than by a signature, is also blocked, which helps against malware that has no signature yet.

Behavior-Blocking Software Operation (figure)

Requirements for Worm Countermeasures
- Generality: handle a wide variety of worm attacks, including polymorphic worms.
- Timeliness: respond quickly to limit the number of infected systems.
- Resiliency: resistant to the evasion techniques employed by attackers.
- Minimal denial-of-service costs: impose minimal reduction in capacity or service due to the countermeasures' own actions.
- Transparency: require no modification to existing (legacy) operating systems, application software or hardware.
- Global and local coverage: deal with attack sources both outside and inside the enterprise network.

Classes of Worm Defense
- Signature-based worm scan filtering: generates a worm signature, then filters traffic that matches it.
- Filter-based worm containment: focuses on worm content rather than a scan signature; filters are generated from the worm's code.
- Payload-classification-based worm containment: examines packets to see if they contain a worm (e.g., anomalous code).
- Threshold random walk (TRW) scan detection: exploits the fact that a scanning worm's connection attempts mostly fail; a random-walk test can identify a scanner after only a few connections.
- Rate limiting: limits the rate of scan-like traffic from an infected host.
- Rate halting: immediately blocks outgoing traffic when a threshold is exceeded, either in the rate of outgoing connections or in the diversity of connection attempts.
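Of the classes listed, TRW scan detection is the one with a compact algorithm, so it is worth seeing it run. The following is an added example written for this page, not the slides' code nor any product's: a sequential hypothesis test in the style of Jung et al.'s threshold random walk, applied to constructed first-contact connection events (no real capture). The success probabilities for benign hosts and scanners, and the false-positive and detection targets, are assumed values stated in the code.

```python
"""Added example: threshold random walk (TRW) scan detection on constructed events."""
import math


class TRWDetector:
    def __init__(self, theta0=0.8, theta1=0.2, alpha=0.01, beta=0.99):
        # theta0 / theta1: P(connection succeeds) for a benign host / a scanner (assumed values)
        # alpha / beta: acceptable false-positive rate / desired detection rate
        self.step_success = math.log(theta1 / theta0)               # negative: toward "benign"
        self.step_failure = math.log((1 - theta1) / (1 - theta0))   # positive: toward "scanner"
        self.eta1 = math.log(beta / alpha)                          # upper threshold: scanner
        self.eta0 = math.log((1 - beta) / (1 - alpha))              # lower threshold: benign
        self.llr = {}          # per-source log-likelihood ratio (the random walk)
        self.seen = set()      # (src, dst) pairs already counted
        self.verdict = {}      # sources on which the test has terminated

    def observe(self, src, dst, success):
        """Feed one connection attempt; return the source's current verdict."""
        if (src, dst) in self.seen or src in self.verdict:
            return self.verdict.get(src, "undecided")    # only first contacts move the walk
        self.seen.add((src, dst))
        self.llr[src] = self.llr.get(src, 0.0) + (self.step_success if success else self.step_failure)
        if self.llr[src] >= self.eta1:
            self.verdict[src] = "scanner"
        elif self.llr[src] <= self.eta0:
            self.verdict[src] = "benign"
        return self.verdict.get(src, "undecided")


# Constructed events: (source, destination, did the connection succeed?)
EVENTS = [
    ("203.0.113.5", "10.0.0.1", False),
    ("192.0.2.20", "10.0.0.80", True),
    ("203.0.113.5", "10.0.0.2", False),
    ("192.0.2.20", "10.0.0.80", True),      # repeat contact: ignored by the walk
    ("203.0.113.5", "10.0.0.3", False),
    ("192.0.2.20", "10.0.0.25", True),
    ("203.0.113.5", "10.0.0.4", False),     # 4th failed first contact crosses eta1
    ("192.0.2.20", "10.0.0.53", True),
    ("192.0.2.20", "10.0.0.22", True),      # 4th successful first contact crosses eta0
]


def run(events, detector=None):
    """Replay events; return the detector and the per-event verdict trace."""
    d = detector or TRWDetector()
    trace = [(src, d.observe(src, dst, ok)) for src, dst, ok in events]
    return d, trace
```

With the defaults each failure adds ln 4 and each success subtracts ln 4, while the thresholds sit at plus and minus ln 99, so four consecutive failed first contacts are enough to flag a scanner and three are not. Counting only first contacts is what keeps a busy legitimate client, which reconnects to the same servers repeatedly, from walking in either direction.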